Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Information
Name : CVE-2008-3289
First vendor Publication : 2008-07-24
Vendor : Cve
Last vendor Modification : 2011-03-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score : 4.3
Cvss Impact Score : 2.9
Cvss Exploit Score : 8.6
Attack Range : Network
Attack Complexity : Medium
Authentication : None Required

Detail

EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in cleartext at an unspecified point, which allows remote attackers to obtain sensitive information via a crafted packet.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3289

CAPEC : Common Attack Pattern Enumeration & Classification

id : Name
CAPEC-31 : Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-37 : Lifting Data Embedded in Client Distributions
CAPEC-65 : Passively Sniff and Capture Application Code Bound for Authorized Client
CAPEC-102 : Session Sidejacking
CAPEC-117 : Data Interception Attacks
CAPEC-155 : Screen Temporary Files for Sensitive Information
CAPEC-157 : Sniffing Attacks
CAPEC-167 : Lifting Sensitive Data from the Client
CAPEC-204 : Lifting cached, sensitive data embedded in client distributions (thick or thin)
CAPEC-205 : Lifting credential(s)/key material embedded in client distributions (thick or...
CAPEC-258 : Passively Sniffing and Capturing Application Code Bound for an Authorized Cli...
CAPEC-259 : Passively Sniffing and Capturing Application Code Bound for an Authorized Cli...
CAPEC-260 : Passively Sniffing and Capturing Application Code Bound for an Authorized Cli...

CWE : Common Weakness Enumeration

id : Name
CWE-319 : Cleartext Transmission of Sensitive Information
CWE-311 : Missing Encryption of Sensitive Data (CWE/SANS Top 25)
CWE-200 : Information Exposure

CPE : Common Platform Enumeration

Type : Application
Description :
Count : 1

Open Source Vulnerability Database (OSVDB)

id : Description
47506 : EMC Dantz Retrospect Backup Client Cleartext Password Hash Remote Disclosure

Nessus® Vulnerability Scanner

Date : 2008-07-23
Name : The remote backup client is affected by multiple vulnerabilities.
File : retrospect_client_esa_08_009.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

Source : Url
BID : http://www.securityfocus.com/bid/30308
BUGTRAQ : http://www.securityfocus.com/archive/1/archive/1/494560/100/0/threaded
CONFIRM : http://kb.dantz.com/display/2/articleDirect/index.asp?aid=9692&r=0.5160639
MISC : http://www.fortiguardcenter.com/advisory/FGA-2008-16.html
SECUNIA : http://secunia.com/advisories/31186
SREASON : http://securityreason.com/securityalert/4025
VUPEN : http://www.vupen.com/english/advisories/2008/2150/references
XF : http://xforce.iss.net/xforce/xfdb/43930

Alert History

Date : Information
2014-02-17 10:45:49 : Multiple Updates
2013-05-11 00:22:05 : Multiple Updates