Unencrypted Backup Confirmation Bypass in Attic Before 0.15

Unencrypted Backup Confirmation Bypass in Attic Before 0.15

CVE-2015-4082 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file".

Learn more about our User Device Pen Test.