CVE-2014-4623

Published: Oct 25, 2014Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.

Affected (7)

Products: Emc: Avamar

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Emc Avamar	Version 6.0.1
Emc Avamar	Version 6.0.2
Emc Avamar	Version 6.0.3
Emc Avamar	Version 6.1.101-87
Emc Avamar	Version 6.1
Emc Avamar	Version 7.0
Emc Avamar	Version 7.0 sp1

Related CWEs

References (10)

http://archives.neohapsis.com/archives/bugtraq/2014-10/0146.html

Source: security_alert@emc.com

http://packetstormsecurity.com/files/128842/EMC-Avamar-Weak-Password-Storage.html

Source: security_alert@emc.com

http://www.securityfocus.com/bid/70732

Source: security_alert@emc.com

http://www.securitytracker.com/id/1031117

Source: security_alert@emc.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/97757

Source: security_alert@emc.com

http://archives.neohapsis.com/archives/bugtraq/2014-10/0146.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://packetstormsecurity.com/files/128842/EMC-Avamar-Weak-Password-Storage.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/70732

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1031117

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/97757

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.