Arkeia Server Static Salt Weak Password Vulnerability
Arkeia Server is an enterprise backup software solution distributed and maintained by Knox Software. Arkeia uses a predictable, static salt when generating encrypted passwords. When a password is entered, Arkeia passes it to the crypt() function and stores the output in the Arkeia password file. Arkeia passwords are a maximum of 8 characters. The salt used for these passwords is typically the character string "n3". A user who gains access to the password file would therefore have an advantage when performing cryptanalysis on the passwords.
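A defensive check for the condition described above, as an added example that is not Arkeia's code or part of the original advisory: it reads traditional crypt()-style entries and reports when every hash carries the same two-character salt, which also exposes users with identical passwords as identical hashes. The `user:hash` file layout and the sample entries are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Traditional DES crypt() output is 13 characters from [./0-9A-Za-z];
# the first two characters are the salt, stored in the clear.
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")

# Constructed sample in an assumed "user:hash" layout. The hash strings are
# placeholders with the right shape only, not real crypt() output.
SAMPLE = "\n".join([
    "root:n3" + "A" * 11,
    "backup:n3" + "B" * 11,
    "operator:n3" + "A" * 11,   # same placeholder as root: same password
    "# comment line",
    "audit:n3" + "C" * 11,
    "broken:notahash",          # malformed entry, must be skipped
])

def audit_salts(text):
    """Summarise salt reuse in a crypt()-style password listing."""
    salts = Counter()            # salt -> number of entries using it
    by_hash = defaultdict(list)  # full hash -> users that share it
    skipped = []                 # entries that are not 13-char DES crypt
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, digest = line.partition(":")
        if not sep or not DES_CRYPT.match(digest):
            skipped.append(user)
            continue
        salts[digest[:2]] += 1
        by_hash[digest].append(user)
    total = sum(salts.values())
    return {
        "entries": total,
        "salts": dict(salts),
        # One salt across several entries means the salt adds no per-user variation.
        "static_salt": total > 1 and len(salts) == 1,
        # With a shared salt, equal passwords always yield equal hashes.
        "shared_hashes": sorted(u for u in by_hash.values() if len(u) > 1),
        "skipped": skipped,
    }

if __name__ == "__main__":
    for key, value in audit_salts(SAMPLE).items():
        print(f"{key}: {value}")
```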