CVE-2016-0904

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive client-server traffic information by leveraging knowledge of this key from another installation.
Configurations

Configuration 1 (hide)

cpe:2.3:a:emc:avamar_server:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-09-21 02:59

Updated : 2024-02-04 18:53


NVD link : CVE-2016-0904

Mitre link : CVE-2016-0904

CVE.ORG link : CVE-2016-0904


JSON object : View

Products Affected

emc

  • avamar_server
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-310

Cryptographic Issues