Unrated severityNVD Advisory· Published Sep 21, 2015· Updated May 6, 2026

CVE-2015-2864

Description

Retrospect and Retrospect Client before 10.0.2.119 on Windows, before 12.0.2.116 on OS X, and before 10.0.2.104 on Linux improperly generate password hashes, which makes it easier for remote attackers to bypass authentication and obtain access to backup files by leveraging a collision.

Affected products

Retrospect/Retrospect2 versions
cpe:2.3:a:retrospect:retrospect:10.0.2:*:*:*:*:windows:*:*+ 1 more
- cpe:2.3:a:retrospect:retrospect:10.0.2:*:*:*:*:windows:*:*
- cpe:2.3:a:retrospect:retrospect:12.0.2:*:*:*:*:mac:*:*
Retrospect/Retrospect Client3 versions
cpe:2.3:a:retrospect:retrospect_client:10.0.2:*:*:*:*:linux:*:*+ 2 more
- cpe:2.3:a:retrospect:retrospect_client:10.0.2:*:*:*:*:linux:*:*
- cpe:2.3:a:retrospect:retrospect_client:10.0.2:*:*:*:*:windows:*:*
- cpe:2.3:a:retrospect:retrospect_client:12.0.2:*:*:*:*:mac:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.retrospect.com/support/kb/cve_2015_2864nvdPatchVendor Advisory
www.youtube.com/watchnvdExploit
www.kb.cert.org/vuls/id/101500nvdThird Party AdvisoryUS Government Resource
www.securityfocus.com/bid/75201nvd
www.securitytracker.com/id/1033948nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000