Vulnerabilities > CVE-2015-2864 - Credentials Management vulnerability in Retrospect and Retrospect Client

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

retrospect

CWE-255

NVD

Published: 2015-09-21

Updated: 2016-12-07

Summary

Retrospect and Retrospect Client before 10.0.2.119 on Windows, before 12.0.2.116 on OS X, and before 10.0.2.104 on Linux improperly generate password hashes, which makes it easier for remote attackers to bypass authentication and obtain access to backup files by leveraging a collision.

Vulnerable Configurations

Part	Description	Count
Application	Retrospect Retrospect Retrospect 10.0.2 Retrospect Retrospect 12.0.2 Retrospect Retrospect Client 10.0.2 Retrospect Retrospect Client 12.0.2	5

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://www.kb.cert.org/vuls/id/101500
http://www.retrospect.com/support/kb/cve_2015_2864
http://www.securityfocus.com/bid/75201
http://www.securitytracker.com/id/1033948
https://www.youtube.com/watch?v=MB8AL5u7JCA