Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

FGA-2008-16: EMC Dantz Retrospect 7 backup Server Authentication Mo

from [zhliu] Network Security [Permanent Link]
Subject: FGA-2008-16: EMC Dantz Retrospect 7 backup Server Authentication Module Weak Password Hash Arithmetic Vulnerability
Date: Mon, 21 Jul 2008 18:41:00 -0700 (PDT) 
FGA-2008-16: EMC Dantz Retrospect 7 backup Server Authentication Module
Weak Password Hash Arithmetic Vulnerability
http://www.fortiguardcenter.com/advisory/FGA-2008-16.html
July 20, 2008

-- Affected Vendors:
EMC

-- Affected Products:
EMC Dantz Retrospect Backup Server 7.5.508

-- Vulnerability Details:

The Hash arithmetic which EMC Dantz Retrospect 7 backup Server
Authentication Module used is too simple.
Due to the poor hash arithmetic, attacker will gain client's password
using brute force without Time-consuming.

-- Vendor Response:
EMC has issued an update to correct this vulnerability:

http://www.emcinsignia.com/updates

-- Disclosure Timeline:
2008-04-20 - Vulnerability reported to vendor
2008-06-30 - Vendor issued update
2008-07-20 - Coordinated public release of advisory

Acknowledgment:

Zhenhua Liu of Fortinet's FortiGuard Global Security Research Team


Disclaimer:

Although Fortinet has attempted to provide accurate information in these
materials, Fortinet assumes no legal responsibility for the accuracy or
completeness of the information. More specific information is available on
request from Fortinet. Please note that Fortinet's product information
does not constitute or contain any guarantee, warranty or legally binding
representation, unless expressly identified as such in a duly signed
writing.

About Fortinet ( www.fortinet.com ):

Fortinet is the pioneer and leading provider of ASIC-accelerated unified
threat management, or UTM, security systems, which are used by enterprises
and service providers to increase their security while reducing total
operating costs. Fortinet solutions were built from the ground up to
integrate multiple levels of security protection--including firewall,
antivirus, intrusion prevention, VPN, spyware prevention and anti-spam --
designed to help customers protect against network and content level
threats. Leveraging a custom ASIC and unified interface, Fortinet
solutions offer advanced security functionality that scales from remote
office to chassis-based solutions with integrated management and
reporting. Fortinet solutions have won multiple awards around the world
and are the only security products that are certified in six programs by
ICSA Labs: (Firewall, Antivirus, IPSec, SSL, Network IPS, and
Anti-Spyware). Fortinet is privately held and based in Sunnyvale,
California.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • FGA-2008-16: EMC Dantz Retrospect 7 backup Server Authentication Module Weak Password Hash Arithmetic Vulnerability, zhliu <=
Previous by Date:  [ MDVSA-2008:151 ] - Updated libxslt packages fix buffer overflow vulnerability, security
Next by Date:  Vulnerability: SocialEngine (SocialEngine.net) high risk security flaw, Tim Loshak
Previous by Thread:  [ MDVSA-2008:151 ] - Updated libxslt packages fix buffer overflow vulnerability, security
Next by Thread:  Vulnerability: SocialEngine (SocialEngine.net) high risk security flaw, Tim Loshak
Indexes:  [Date] [Thread] [Top] [All Lists]