Computer Associates ARCServe Cleartext Administrative Password Vulnerability

ARCServe is an enterprise data backup and recovery solution from Computer Associates.

ARCServe stores its administrator account and password in cleartext.

Since ARCServe normally runs under an account with access to system files (or even that of the NT domain administrator), users able to read this information can gain administrative access to the host.


Privacy Statement
Copyright 2010, SecurityFocus