CVE: CVE-2015-2864 - CVE-Search

CVE Details for CVE: CVE-2015-2864

Summary

Retrospect and Retrospect Client before 10.0.2.119 on Windows, before 12.0.2.116 on OS X, and before 10.0.2.104 on Linux improperly generate password hashes, which makes it easier for remote attackers to bypass authentication and obtain access to backup files by leveraging a collision.

Timestamps
Last major update	07-12-2016 - 18:10
Published	21-09-2015 - 10:59
Last modified	07-12-2016 - 18:10

References

Vulnerable Configurations

cpe:2.3:a:retrospect:retrospect_client:10.0.2:*:*:*:*:linux:*:*
cpe:2.3:a:retrospect:retrospect_client:10.0.2:*:*:*:*:linux:*:*
cpe:2.3:a:retrospect:retrospect:10.0.2:*:*:*:*:windows:*:*
cpe:2.3:a:retrospect:retrospect:10.0.2:*:*:*:*:windows:*:*
cpe:2.3:a:retrospect:retrospect:12.0.2:*:*:*:*:mac:*:*
cpe:2.3:a:retrospect:retrospect:12.0.2:*:*:*:*:mac:*:*
cpe:2.3:a:retrospect:retrospect_client:12.0.2:*:*:*:*:mac:*:*
cpe:2.3:a:retrospect:retrospect_client:12.0.2:*:*:*:*:mac:*:*
cpe:2.3:a:retrospect:retrospect_client:10.0.2:*:*:*:*:windows:*:*
cpe:2.3:a:retrospect:retrospect_client:10.0.2:*:*:*:*:windows:*:*

CAPEC

Click the CAPEC title to display a description

CWE

CWE-255

CVSS

Base

5.0

Impact

2.9

Exploitability

10.0

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

CVSS3

None

VIA4 references

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	75201
cert-vn	VU#101500
confirm	http://www.retrospect.com/support/kb/cve_2015_2864
misc	https://www.youtube.com/watch?v=MB8AL5u7JCA
sectrack	1033948