CVE-2014-4623

EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
dellCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
emcavamar
6.0.1
emcavamar
6.0.2
emcavamar
6.0.3
emcavamar
6.1
emcavamar
6.1.101-87
emcavamar
7.0
emcavamar
7.0:sp1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2014-10/0146.html
http://packetstormsecurity.com/files/128842/EMC-Avamar-Weak-Password-Storage.html
http://www.securityfocus.com/bid/70732
http://www.securitytracker.com/id/1031117
https://exchange.xforce.ibmcloud.com/vulnerabilities/97757
http://archives.neohapsis.com/archives/bugtraq/2014-10/0146.html
http://packetstormsecurity.com/files/128842/EMC-Avamar-Weak-Password-Storage.html
http://www.securityfocus.com/bid/70732
http://www.securitytracker.com/id/1031117
https://exchange.xforce.ibmcloud.com/vulnerabilities/97757