In association with heise online

06 June 2007, 10:54

Symantec reporting server discloses password hash


Symantec has drawn attention to a vulnerability in its reporting server product which, under certain circumstances, may allow an attacker to obtain the hash of an administrator password. Once in possession of the hash, an attacker can, for example by searching for matches using rainbow tables, recover the plaintext password relatively quickly and log on to the system. However, this only gives access to reports on products from Symantec's client security and antivirus product series. Access to other programs running on the same system is not possible by this means.

The problem affects the reporting server included in Symantec Client Security 3.1 and SAV CE 10.1. A patch is available and is already being distributed via automatic update.


(mba)

Permalink: http://h-online.com/-733003
 

