CVE-1999-1049 — Arcserve Backup vulnerability

3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

0.5%

top 36.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Arcserve Backup

Timeline

PublishedFeb 21

Latest updateApr 30

Description

ARCserve NT agents use weak encryption (XOR) for passwords, which allows remote attackers to sniff the authentication request to port 6050 and decrypt the password.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDbroadcom/arcserve_backup6.5

🔴Vulnerability Details

GHSA

GHSA-9729-phqg-qhx6: ARCserve NT agents use weak encryption (XOR) for passwords, which allows remote attackers to sniff the authentication request to port 6050 and decrypt↗2022-04-30

▶

CVEList

CVE-1999-1049: ARCserve NT agents use weak encryption (XOR) for passwords, which allows remote attackers to sniff the authentication request to port 6050 and decrypt↗2001-09-12

▶