Mar 18, 2011

EMC Avamar information disclosure weakness

EMC Avamar is a backup and recovery solution that utilizes data deduplication technology to identify redundant data at the source, minimizing backup data before it is sent over the LAN/WAN.


A weakness has been reported in EMC Avamar, which can be exploited by malicious people to disclose potentially sensitive information, according to Secunia.

The weakness is caused due to certain information (e.g. internal customer emails) being transmitted in clear text for certain events and can be disclosed by e.g sniffing network traffic.

The weakness is reported in versions 5.0.0-407 and later but prior to 5.0.4.

Solution: Apply hotfix 24753 or update to version 5.0.4 (5.0 SP4).

No comments:

Post a Comment