CA BrightStor ARCserve Backup Agent Credential Disclosure

Critical Nessus Plugin ID 11105


Backup share can be accessed without authentication.


The remote host has an accessible ARCSERVE$ share.

Several versions of ARCserve store the backup agent username and password in a plaintext file on this share.

An attacker may use this flaw to obtain the password file of the remote backup agent and use the credentials it contains to gain privileges on this host.


Limit access to this share to the backup account and domain administrator.

Plugin Details

Severity: Critical

ID: 11105

File Name: arcserve_hidden_share.nasl

Version: $Revision: 1.23 $

Type: local

Agent: windows

Family: Windows

Published: 2002/08/22

Modified: 2016/10/07

Dependencies: 10394, 10150

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:U/RC:C

Vulnerability Information

Required KB Items: SMB/name, SMB/login, SMB/password, SMB/transport

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2004/04/09

Reference Information

CVE: CVE-2001-0960

BID: 3343

OSVDB: 5482