CVE-2015-2864

critical

Description

Retrospect and Retrospect Client before 10.0.2.119 on Windows, before 12.0.2.116 on OS X, and before 10.0.2.104 on Linux improperly generate password hashes, which makes it easier for remote attackers to bypass authentication and obtain access to backup files by leveraging a collision.

References

http://www.securitytracker.com/id/1033948

http://www.securityfocus.com/bid/75201

http://www.retrospect.com/support/kb/cve_2015_2864

http://www.kb.cert.org/vuls/id/101500

Details

Source: Mitre, NVD

Published: 2015-09-21

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00736