CA BrightStor ARCserve Backup Agent Credential Disclosure

This script is Copyright (C) 2002-2016 Tenable Network Security, Inc.


Synopsis :

Backup share can be accessed without authentication.

Description :

The remote host has an accessible ARCSERVE$ share.

Several versions of ARCserve store the backup agent username and
password in a plaintext file on this share.

An attacker may use this flaw to obtain the password file of the
remote backup agent, and use it to gain privileges on this host.

See also :

http://seclists.org/bugtraq/2001/Sep/171

Solution :

Limit access to this share to the backup account and domain
administrator.
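
One way to check the restriction described in the Solution, as an added example that is not part of the Nessus plugin. It assumes a host with the SmbShare PowerShell module (Windows Server 2012 or later); the account names in $Allowed are placeholders, and the function name is hypothetical.

```powershell
# Added example: list principals that can reach the ARCSERVE$ share but are
# not on the allowlist. The names in $Allowed are placeholders (assumptions);
# substitute your backup service account and your domain administrators group.
function Get-UnexpectedShareAccess {
    param(
        [string]$ShareName = 'ARCSERVE$',
        [string[]]$Allowed = @('EXAMPLE\svc-backup', 'EXAMPLE\Domain Admins')
    )

    $share = Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue
    if (-not $share) {
        Write-Verbose "Share $ShareName is not present on $env:COMPUTERNAME"
        return
    }

    # Share-level permissions: any Allow entry outside the allowlist.
    Get-SmbShareAccess -Name $ShareName |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $_.AccountName -notin $Allowed } |
        ForEach-Object {
            [pscustomobject]@{
                Layer   = 'Share'
                Account = $_.AccountName
                Right   = $_.AccessRight
            }
        }

    # NTFS permissions on the shared folder: effective access is the
    # intersection of both layers, so review this one as well. Local entries
    # such as SYSTEM are reported unless you add them to $Allowed.
    (Get-Acl -Path $share.Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -notin $Allowed } |
        ForEach-Object {
            [pscustomobject]@{
                Layer   = 'NTFS'
                Account = $_.IdentityReference.Value
                Right   = $_.FileSystemRights
            }
        }
}

Get-UnexpectedShareAccess | Format-Table -AutoSize
```

An empty result means only the allowlisted principals hold Allow entries on the share and its folder.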

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 10.0
(CVSS2#E:H/RL:U/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 11105 (arcserve_hidden_share.nasl)

Bugtraq ID: 3343

CVE ID: CVE-2001-0960
