CVE-1999-1049 - ARCserve NT agents use weak encryption (XOR) for passwords, which allows remote attackers to sniff t

CVE-1999-1049

Summary

ARCserve NT agents use weak encryption (XOR) for passwords, which allows remote attackers to sniff the authentication request to port 6050 and decrypt the password.

References

http://marc.info/?l=bugtraq&m=91972006211238&w=2

Vulnerable Configurations

cpe:2.3:a:broadcom:arcserve_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:arcserve_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:arcserve_backup:6.5:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:arcserve_backup:6.5:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 07-04-2021 - 18:13)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bugtraq

19990222 Severe Security Hole in ARCserve NT agents (fwd)

Last major update

07-04-2021 - 18:13

Published

21-02-1999 - 05:00

Last modified

07-04-2021 - 18:13