Data protection vendor Arcserve has addressed a high-severity security flaw in its Unified Data Protection backup software that can let attackers bypass authentication and gain admin privileges.
According to the company, Arcserve UDP is a data and ransomware protection solution designed to help customers thwart ransomware attacks, restore compromised data, and enable effective disaster recovery to ensure business continuity.
Arcserve released UDP 9.1 to fix the vulnerability on June 27, four months after the bug was found and reported by security researchers Juan Manuel Fernandez and Sean Doherty with MDSec’s ActiveBreach red team.
On systems running Arcserve UDP 7.0 up to 9.0, the flaw enables attackers on the local network to access the UDP admin interface after obtaining easy-to-decrypt admin credentials by capturing SOAP requests containing AuthUUIDs to get valid administrator sessions.
MDSec also shared proof-of-concept exploits and tools that can be used to scan for Arcserve UDP instances with default configuration on local networks, as well as retrieve and decrypt credentials by exploiting the authentication bypass in the management interface.
“Finally, if the ArcServe version was not patched it is possible to exploit an authentication bypass in the management web interface and retrieve the admin creds. All the passwords retrieved by the tools can be decrypted using ArcServeDecrypter.exe.”
