Vulnerability Details : CVE-2015-2864
Retrospect and Retrospect Client before 10.0.2.119 on Windows, before 12.0.2.116 on OS X, and before 10.0.2.104 on Linux improperly generate password hashes, which makes it easier for remote attackers to bypass authentication and obtain access to backup files by leveraging a collision.
Exploit prediction scoring system (EPSS) score for CVE-2015-2864
Probability of exploitation activity in the next 30 days: 0.75%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 79 %
CVSS scores for CVE-2015-2864
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST |
CWE ids for CVE-2015-2864
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-2864
- http://www.securitytracker.com/id/1033948
  Retrospect Password Hashing Error Lets Remote Users Access Files on the Target System - SecurityTracker
- http://www.retrospect.com/support/kb/cve_2015_2864
  Retrospect: Knowledge Base > CERT Vulnerability CVE-2015-2864 (Patch; Vendor Advisory)
- https://www.youtube.com/watch?v=MB8AL5u7JCA
  HIP14-Fuzzing reversing and maths - YouTube (Exploit)
- http://www.securityfocus.com/bid/75201
  Retrospect Backup Client CVE-2015-2864 Weak Password Security Vulnerability
- http://www.kb.cert.org/vuls/id/101500
  VU#101500 - Retrospect Backup Client uses weak password hashing (US Government Resource; Third Party Advisory)
Products affected by CVE-2015-2864
- cpe:2.3:a:retrospect:retrospect:10.0.2:*:*:*:*:windows:*:*
- cpe:2.3:a:retrospect:retrospect:12.0.2:*:*:*:*:mac:*:*
- cpe:2.3:a:retrospect:retrospect_client:10.0.2:*:*:*:*:linux:*:*
- cpe:2.3:a:retrospect:retrospect_client:12.0.2:*:*:*:*:mac:*:*
- cpe:2.3:a:retrospect:retrospect_client:10.0.2:*:*:*:*:windows:*:*