CVE-2008-3289 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in cleartext at an unspecified point, which allows remote attackers to obtain sensitive information via a crafted packet.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Storcentric	Retrospect Backup Client	7.5.116

Related Weaknesses (CWE)

CWE-319

References

http://kb.dantz.com/display/2/articleDirect/index.asp?aid=9692&r=0.5160639Broken Link
http://secunia.com/advisories/31186Broken LinkPatchVendor Advisory
http://securityreason.com/securityalert/4025Third Party Advisory
http://www.fortiguardcenter.com/advisory/FGA-2008-16.htmlBroken LinkPatch
http://www.securityfocus.com/archive/1/494560/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/30308Broken LinkPatchThird Party Advisory
http://www.vupen.com/english/advisories/2008/2150/referencesBroken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/43930Third Party AdvisoryVDB Entry
http://kb.dantz.com/display/2/articleDirect/index.asp?aid=9692&r=0.5160639Broken Link
http://secunia.com/advisories/31186Broken LinkPatchVendor Advisory
http://securityreason.com/securityalert/4025Third Party Advisory
http://www.fortiguardcenter.com/advisory/FGA-2008-16.htmlBroken LinkPatch
http://www.securityfocus.com/archive/1/494560/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/30308Broken LinkPatchThird Party Advisory
http://www.vupen.com/english/advisories/2008/2150/referencesBroken Link

FAQ

What is CVE-2008-3289?

CVE-2008-3289 is a vulnerability with a CVSS score of 7.5 (HIGH). EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in cleartext at an unspecified point, which allows remote attackers to obtain sensitive information via a crafted packet.

How severe is CVE-2008-3289?

CVE-2008-3289 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-3289?

Check the references section above for vendor advisories and patch information. Affected products include: Storcentric Retrospect Backup Client.