CVE-2008-3288 - The Server Authentication Module in EMC Dantz Retrospect Backup Server 7.5.508 uses a "weak hash alg

CVE-2008-3288

Summary

The Server Authentication Module in EMC Dantz Retrospect Backup Server 7.5.508 uses a "weak hash algorithm," which makes it easier for context-dependent attackers to recover passwords.

References

Vulnerable Configurations

cpe:2.3:a:emc:dantz_retrospect_backup_server:7.5.508:*:*:*:*:*:*:*
cpe:2.3:a:emc:dantz_retrospect_backup_server:7.5.508:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 11-10-2018 - 20:47)
Impact:
Exploitability:

CWE

CWE-310

CAPEC

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	30319
bugtraq	20080722 FGA-2008-16: EMC Dantz Retrospect 7 backup Server Authentication Module Weak Password Hash Arithmetic Vulnerability
confirm	http://kb.dantz.com/display/2/articleDirect/index.asp?aid=9692&r=0.5160639
misc	http://www.fortiguardcenter.com/advisory/FGA-2008-16.html
sectrack	1020534
secunia	31186
sreason	4026
vupen	ADV-2008-2150
xf	retrospect-authentication-weak-security(43935)

Last major update

11-10-2018 - 20:47

Published

24-07-2008 - 17:41

Last modified

11-10-2018 - 20:47