Remote root (?) exploit in Retrospect 8 for Mac OS X

So, you have to cut Retrospect a little slack, it’s been passed around like a hot potato recently and has just found a home at Roxio now that EMC have washed their hands of it.

The interface for the new version is a little rough around the edges – for instance, you can add license keys to the server, but there’s no button (or keystroke I could work out) to remove them if, for example, you want to delete an entered trial license.

There’s no save button when you’re editing a script – click around and the changes are saved as you made them with no prompting and no way to undo…

Anyway, all of these pale into insignificance when you realise that you can install the Retrospect 8 management console on your computer and connect to your server. Without entering a password. Even if you enter the wrong password.

Yep, open to all and sundry. What’s more, Roxio have a Retrospect app for the iPhone. How many admins are going to open up the Retrospect server admin ports to the internet, handing anyone who cares to try the ability to trash their server should they desire?

Trash your server – how? Make an archive set, archive everything on the server, telling Retrospect to delete files after archiving. Recycle the archive set. Done.

This article was posted by Kai Howells. If you liked this content and have any technical work in the Melbourne area, say hello via my contact form or give me a call on 0419 361 653 - I cover most of the greater Melbourne area and my rates are competitive.
