5/19/2023

Retrospect client app

The flaw was publicly disclosed by Josep Pi Rodriguez and Pedro Guillen Nunez at the Hack in Paris conference in June 2014. All versions of the product are affected, including Retrospect 8 for Mac and Retrospect 7 for Windows.

Customers using clients with public/private key authentication are not impacted. The vulnerability (CVE-2015-2864) only affects customers who use clients with password protection. Retrospect has pointed out that the security hole can be exploited by “a sophisticated individual with a significant amount of technical expertise and network access.”

“Attackers with network access to a machine running the Retrospect client may be able to generate brute-force passwords that are guaranteed to collide with the hashed password with a maximum of 128 tries.”

“The password is not fully utilized when generating a hash, allowing the possibility of a weak hash with a higher probability of collision with other passwords,” the CERT Coordination Center at Carnegie Mellon University wrote in an advisory.

However, researchers discovered a bug in the hash generating algorithm that makes it easy for an attacker to brute-force the password and gain access to the victim’s backup files. Retrospect backup clients are designed to store hashed versions of user passwords.

for its cross-platform backup and recovery software address numerous bugs, including a password hashing weakness that puts users’ files at risk.
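The weakness CERT describes, a stored hash that does not use the full password, is the kind of defect an output-space audit catches before release. The following is an added example, not code from Retrospect or from the original article: `weak_verifier` is a constructed 7-bit stand-in (the article does not give Retrospect's algorithm), and all function names, the salt and the sample passwords are assumptions.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable


def weak_verifier(password: bytes) -> bytes:
    # Constructed stand-in, NOT Retrospect's algorithm: only 7 bits of
    # password-derived state reach the stored value (2**7 = 128 outcomes).
    return bytes([hashlib.sha256(password).digest()[0] & 0x7F])


def strong_verifier(password: bytes, salt: bytes = b"constructed-salt") -> bytes:
    # Full-width KDF output. The iteration count is kept low so the audit
    # runs quickly; it does not change the size of the output space.
    return hashlib.pbkdf2_hmac("sha256", password, salt, 1_000)


@dataclass
class AuditResult:
    samples: int
    distinct: int   # distinct stored values observed
    flagged: bool   # True if any two sample passwords share a stored value


def audit_output_space(verifier: Callable[[bytes], bytes],
                       samples: int = 2_000) -> AuditResult:
    """Hash `samples` distinct constructed passwords and count the outputs.

    By the birthday bound, n samples only start colliding once the output
    space is below roughly n*n/2 values, so a single collision among a few
    thousand inputs marks a verifier that is far too narrow.
    """
    seen = set()
    for i in range(samples):
        seen.add(verifier(f"constructed-password-{i}".encode()))
    return AuditResult(samples, len(seen), len(seen) < samples)


if __name__ == "__main__":
    for name, fn in (("weak", weak_verifier), ("strong", strong_verifier)):
        r = audit_output_space(fn)
        print(f"{name}: {r.distinct} distinct values from {r.samples} "
              f"passwords, flagged={r.flagged}")
```

When `distinct` stops growing as `samples` increases, that plateau is the number of guesses certain to match any stored value, which is the kind of bound the 128-try figure expresses.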