Dell RecoverPoint for Virtual Machines 6.0.x contains a vulnerability. An improper Restriction of Excessive Authentication vulnerability where a Network attacker could potentially exploit this vulnerability, leading to a brute force attack or a dictionary attack against the RecoverPoint login form and a complete system compromise. This allows attackers to brute-force the password of valid users in an automated manner.
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Recoverpoint_for_virtual_machines | Dell | 6.0-sp1 (including) | 6.0-sp1 (including) |
| Recoverpoint_for_virtual_machines | Dell | 6.0-sp1_p1 (including) | 6.0-sp1_p1 (including) |
Common protection mechanisms include:
Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid [REF-1482].
Consider using libraries with authentication capabilities such as OpenSSL or the ESAPI Authenticator. [REF-45]