CA BrightStor ARCserve Backup Agent Credential Disclosure

critical Nessus Plugin ID 11105

Synopsis

Backup share can be accessed without authentication.

Description

The remote host has an accessible ARCSERVE$ share.

Several versions of ARCserve store the backup agent username and password in a plaintext file on this share.

An attacker may use this flaw to obtain the password file of the remote backup agent, and use it to gain privileges on this host.

Solution

Limit access to this share to the backup account and domain administrator.

See Also

https://seclists.org/bugtraq/2001/Sep/171

Plugin Details

Severity: Critical

ID: 11105

File Name: arcserve_hidden_share.nasl

Version: 1.25

Type: local

Agent: windows

Family: Windows

Published: 8/22/2002

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: SMB/name, SMB/login, SMB/password, SMB/transport

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 4/9/2004

Reference Information

CVE: CVE-2001-0960

BID: 3343