CVE-2014-4623

{"id": "CVE-2014-4623", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-10-25T10:55:06.087", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0146.html", "source": "security_alert@emc.com"}, {"url": "http://packetstormsecurity.com/files/128842/EMC-Avamar-Weak-Password-Storage.html", "source": "security_alert@emc.com"}, {"url": "http://www.securityfocus.com/bid/70732", "source": "security_alert@emc.com"}, {"url": "http://www.securitytracker.com/id/1031117", "source": "security_alert@emc.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97757", "source": "security_alert@emc.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack."}, {"lang": "es", "value": "EMC Avamar 6.0.x, 6.1.x, y 7.0.x en Avamar Data Store (ADS) GEN4(S) y Avamar Virtual Edition (AVE), cuando Password Hardening anterior a 2.0.0.4 est\u00e1 habilitado, utiliza el cifrado UNIX DES para crear hashes de contrase\u00f1as, lo que facilita a atacantes dependientes de contexto obtener contrase\u00f1as en texto plano a trav\u00e9s de un ataque de fuerza bruta."}], "lastModified": "2017-08-29T01:35:04.657", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emc:avamar:6.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6109A356-88BC-40E8-80FB-1FF9CDA2E44D"}, {"criteria": "cpe:2.3:a:emc:avamar:6.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20BA1344-64D7-4B8B-BA21-98203D0F881C"}, {"criteria": "cpe:2.3:a:emc:avamar:6.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF968B7A-DC84-4451-8736-4D580D1982DD"}, {"criteria": "cpe:2.3:a:emc:avamar:6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DD0BF0E-0EEC-43FD-B010-87B0C84BC85B"}, {"criteria": "cpe:2.3:a:emc:avamar:6.1.101-87:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D07714B-7D0D-46B0-A613-FA7AFF69610A"}, {"criteria": "cpe:2.3:a:emc:avamar:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73CBDDD0-59F1-4576-BF8A-BE2DA6225A21"}, {"criteria": "cpe:2.3:a:emc:avamar:7.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9223B4E8-B5C5-405B-A3DF-23C8DC3869D3"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}