Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS.
Name : CVE-2008-3289 - First vendor Publication : 2008-07-24
Vendor : Cve - Last vendor Modification : 2011-03-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score : 4.3 - Attack Range : Network
Cvss Impact Score : 2.9 - Attack Complexity : Medium
Cvss Exploit Score : 8.6 - Authentication : None Required


EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in cleartext at an unspecified point, which allows remote attackers to obtain sensitive information via a crafted packet.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3289

CAPEC : Common Attack Pattern Enumeration & Classification

CAPEC-31 : Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-37 : Lifting Data Embedded in Client Distributions
CAPEC-65 : Passively Sniff and Capture Application Code Bound for Authorized Client
CAPEC-102 : Session Sidejacking
CAPEC-117 : Data Interception Attacks
CAPEC-155 : Screen Temporary Files for Sensitive Information
CAPEC-157 : Sniffing Attacks
CAPEC-167 : Lifting Sensitive Data from the Client
CAPEC-204 : Lifting cached, sensitive data embedded in client distributions (thick or thin)
CAPEC-205 : Lifting credential(s)/key material embedded in client distributions (thick or...
CAPEC-258 : Passively Sniffing and Capturing Application Code Bound for an Authorized Cli...
CAPEC-259 : Passively Sniffing and Capturing Application Code Bound for an Authorized Cli...
CAPEC-260 : Passively Sniffing and Capturing Application Code Bound for an Authorized Cli...

CWE : Common Weakness Enumeration

100 % - CWE-200 : Information Exposure

CPE : Common Platform Enumeration


Open Source Vulnerability Database (OSVDB)

47506 : EMC Dantz Retrospect Backup Client Cleartext Password Hash Remote Disclosure

Nessus® Vulnerability Scanner

2008-07-23 - Name : The remote backup client is affected by multiple vulnerabilities.
File : retrospect_client_esa_08_009.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

BID http://www.securityfocus.com/bid/30308
BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/494560/100/0/threaded
CONFIRM http://kb.dantz.com/display/2/articleDirect/index.asp?aid=9692&r=0.5160639
MISC http://www.fortiguardcenter.com/advisory/FGA-2008-16.html
SREASON http://securityreason.com/securityalert/4025
VUPEN http://www.vupen.com/english/advisories/2008/2150/references
XF http://xforce.iss.net/xforce/xfdb/43930

Alert History

2016-04-26 17:39:46
  • Multiple Updates
2014-02-17 10:45:49
  • Multiple Updates
2013-05-11 00:22:05
  • Multiple Updates