Software Engineering Institute

CWE-916: Use of Password Hash With Insufficient Computational Effort - CVE-2015-2864

Retrospect Backup clients prior to 10.0.2 on Windows and Linux and 12.0.2 on Mac contain an error in the password hash generating algorithm. The password is not fully utilized when generating a hash, allowing the possibility of a weak hash with a higher probability of collision with other passwords. Attackers with network access to a machine running the Retrospect client may be able to generate brute-force passwords that are guaranteed to collide with the hashed password with a maximum of 128 tries. This attack was demonstrated by security researchers Josep Pi Rodriguez and Pedro Guillen Nunez.

This vulnerability only affects clients utilizing password authentication; clients using the public key authentication mechanism to login are unaffected. Retrospect recommends that users make use of the public key authentication mechanism. For more details on the vulnerability and instructions on enabling public key authentication, please see Retrospect's advisory.

An unauthenticated attacker on the network may be able to brute force a correct password by guessing a string that produces the same hash, granting access to backup data as the victim user.

Apply an update

For users that wish to continue using the password mechanism, Retrospect has released updates addressing this issue.

Windows users should update to version 10.0.2.119 or later.
Mac users should update to version 12.0.2.116 or later.
Linux users should update to version 10.0.2.104 or later.

Affected users may also consider the following workaround recommended by the vendor:

Switch to Public Key Authentication

The public key authentication method used by Retrospect is unaffected by this vulnerability. Retrospect recommends using public key authentication rather than a password and has provided a knowledge base article to guide users through the setup process.