Vulnerability CVE-2014-4623


Published: 2014-10-25

Description:
EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
EMC -> Avamar 

 References:
http://xforce.iss.net/xforce/xfdb/97757
http://www.securitytracker.com/id/1031117
http://www.securityfocus.com/bid/70732
http://packetstormsecurity.com/files/128842/EMC-Avamar-Weak-Password-Storage.html
http://archives.neohapsis.com/archives/bugtraq/2014-10/0146.html

Copyright 2021, cxsecurity.com

 

Back to Top