CA BrightStor ARCserve Backup Agent Credential Disclosure
Critical Nessus Plugin ID 11105
SynopsisBackup share can be accessed without authentication.
DescriptionThe remote host has an accessible ARCSERVE$ share.
Several versions of ARCserve store the backup agent username and password in a plaintext file on this share.
An attacker may use this flaw to obtain the password file of the remote backup agent, and use it to gain privileges on this host.
SolutionLimit access to this share to the backup account and domain administrator.