Computer Security
[EN] no-pyccku

EMC Avamar security vulnerabilities
SecurityVulns ID:14064
Threat Level:
Description:Information leakage, weak passwords encryption.
Affected:EMC : Avamar 6.1
 EMC : Avamar 7.0
CVE:CVE-2014-4624 (EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call.)
 CVE-2014-4623 (EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.)
Original documentdocumentEMC, ESA-2014-096: EMC Avamar Sensitive Information Disclosure Vulnerability (27.10.2014)
 documentEMC, ESA-2014-094: EMC Avamar Weak Password Storage Vulnerability (27.10.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod