Computer Security
[EN] securityvulns.ru no-pyccku


EMC Avamar security vulnerabilities
Published:27.10.2014
Source:
SecurityVulns ID:14064
Type:remote
Threat Level:
5/10
Description:Information leakage, weak passwords encryption.
Affected:EMC : Avamar 6.1
 EMC : Avamar 7.0
CVE:CVE-2014-4624 (EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call.)
 CVE-2014-4623 (EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.)
Original documentdocumentEMC, ESA-2014-096: EMC Avamar Sensitive Information Disclosure Vulnerability (27.10.2014)
 documentEMC, ESA-2014-094: EMC Avamar Weak Password Storage Vulnerability (27.10.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod