CVE-2015-2864

{"id": "CVE-2015-2864", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-09-21T10:59:00.100", "references": [{"url": "http://www.kb.cert.org/vuls/id/101500", "tags": ["US Government Resource", "Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://www.retrospect.com/support/kb/cve_2015_2864", "tags": ["Patch", "Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/75201", "source": "cret@cert.org"}, {"url": "http://www.securitytracker.com/id/1033948", "source": "cret@cert.org"}, {"url": "https://www.youtube.com/watch?v=MB8AL5u7JCA", "tags": ["Exploit"], "source": "cret@cert.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "Retrospect and Retrospect Client before 10.0.2.119 on Windows, before 12.0.2.116 on OS X, and before 10.0.2.104 on Linux improperly generate password hashes, which makes it easier for remote attackers to bypass authentication and obtain access to backup files by leveraging a collision."}, {"lang": "es", "value": "Vulnerabilidad en Retrospect y Retrospect Client en versiones anteriores a 10.0.2.119 en Windows, en versiones anterioresa 12.0.2.116 en OS X y en versiones anteriores a 10.0.2.104 en Linux, genera indebidamente hashes de contrase\u00f1a, lo que hace m\u00e1s f\u00e1cil para atacantes remotos eludir la autenticaci\u00f3n y obtener acceso a los archivos de copia de seguridad mediante el aprovechamiento de una colisi\u00f3n."}], "lastModified": "2016-12-07T18:10:48.753", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:retrospect:retrospect:10.0.2:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "F0D942BA-5CB8-4428-B9F9-477CEF95F305"}, {"criteria": "cpe:2.3:a:retrospect:retrospect:12.0.2:*:*:*:*:mac:*:*", "vulnerable": true, "matchCriteriaId": "F0D24914-4CFC-4308-ABCE-41257B297481"}, {"criteria": "cpe:2.3:a:retrospect:retrospect_client:10.0.2:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "67779501-A19B-41A9-92C9-DE01072EB5A6"}, {"criteria": "cpe:2.3:a:retrospect:retrospect_client:10.0.2:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "584D8E51-0FA8-45CB-B982-40F5B0AB36C8"}, {"criteria": "cpe:2.3:a:retrospect:retrospect_client:12.0.2:*:*:*:*:mac:*:*", "vulnerable": true, "matchCriteriaId": "CEF6B991-A24F-48BF-BFEC-A592A04A8619"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}