ARCServe aremote.dmp stores username and password in plain text

arcserve-aremote-plaintext (7122) The risk level is classified as High Risk

Description:

ARCServe creates the aremote.dmp file in a hidden share 'ARCSERVE$' during a default installation. This file contains sensitive information such as a valid username and password in plain text. Any user can view this file and gain administrative privileges to the network.


Consequences:

Gain Access

Remedy:

  • For ARCServe 2000 SP2: Apply the latest patch as listed in Computer Associates APAR#: QO00945. See References.
  • For ARCServe 6.61 SP2a: No remedy available as of September 2001. As a workaround, change the permissions on the hidden share so that only the backup account and the administrator have access.

References:

  • BugTraq Mailing List, Sat Sep 15 2001 - 23:27:07 CDT: ARCserve 6.61 Share Access Vulnerability.
  • Computer Associates Technical Support: APAR #: QO00945 DATE: 14 SEP 2001.
  • BID-3342: Computer Associates ARCServe Insecure Default Network Share Vulnerability
  • BID-3343: Computer Associates ARCServe Cleartext Administrative Password Vulnerability
  • CVE-2001-0959: Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 creates a hidden share named ARCSERVE$, which allows remote attackers to obtain sensitive information and overwrite critical files.
  • CVE-2001-0960: Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 stores the backup agent user name and password in cleartext in the aremote.dmp file in the ARCSERVE$ hidden share, which allows local and remote attackers to gain privileges.
  • OSVDB ID: 5482: CA ARCserve Backup Agent Credential Disclosure
  • OSVDB ID: 5483: CA ARCserve Hidden Share Information Disclosure

Platforms Affected:

  • CA ARCserve Backup 6.61 SP2a
  • CA ARCserve Backup 2000

Reported:

Sep 16, 2001

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@us.ibm.com
