CVE-2007-3022

Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://osvdb.org/36108
http://secunia.com/advisories/25543
http://www.securityfocus.com/bid/24312
http://www.securitytracker.com/id?1018196
http://www.symantec.com/avcenter/security/Content/2007.06.05.html	Patch
http://www.vupen.com/english/advisories/2007/2074
https://exchange.xforce.ibmcloud.com/vulnerabilities/34740

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:symantec:client_security:3.1:::::::*
	cpe:2.3:a:symantec:client_security:3.1.394:::::::*
	cpe:2.3:a:symantec:client_security:3.1.396:::::::*
	cpe:2.3:a:symantec:client_security:3.1.400:::::::*
	cpe:2.3:a:symantec:client_security:3.1.401:::::::*
	cpe:2.3:a:symantec:norton_antivirus:10.0.2.2021::corporate:::::
	cpe:2.3:a:symantec:norton_antivirus:10.1::corporate:::::
	cpe:2.3:a:symantec:norton_antivirus:10.1.396::corporate:::::
	cpe:2.3:a:symantec:norton_antivirus:10.1.400::corporate:::::
	cpe:2.3:a:symantec:norton_antivirus:10.1.401::corporate:::::
	cpe:2.3:a:symantec:reporting_server::::::::

History

No history.

Information

Published : 2007-06-05 21:30

Updated : 2024-02-28 11:01

NVD link : CVE-2007-3022

Mitre link : CVE-2007-3022

CVE.ORG link : CVE-2007-3022

JSON object : View

Products Affected

symantec

reporting_server
norton_antivirus
client_security

CWE

NVD-CWE-Other

{"id": "CVE-2007-3022", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-06-05T21:30:00.000", "references": [{"url": "http://osvdb.org/36108", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25543", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/24312", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1018196", "source": "cve@mitre.org"}, {"url": "http://www.symantec.com/avcenter/security/Content/2007.06.05.html", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/2074", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34740", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks."}, {"lang": "es", "value": "Symantec Reporting Server 1.0.197.0, y otras versiones anteriores a 1.0.224.0, como se usan en Symantec Client Security 3.1 y posteriores, y Symantec AntiVirus corporate Edition (SAV CE) 10.1 y posteriores, muestra el resumen (hash) de la contrase\u00f1a para un usuario tras un intento de acceso fallido, lo cual facilita a atacantes remotos llevar a cabo ataques de fuerza bruta."}], "lastModified": "2017-07-29T01:31:55.330", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:client_security:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D24019B-20F0-4B4D-86A5-9409698E6216"}, {"criteria": "cpe:2.3:a:symantec:client_security:3.1.394:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6090F86-0B42-403F-9996-9B7670EBAA5A"}, {"criteria": "cpe:2.3:a:symantec:client_security:3.1.396:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3706E76-FC65-467E-8D09-A9EAC32E9BBD"}, {"criteria": "cpe:2.3:a:symantec:client_security:3.1.400:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF555313-BB5A-4D8A-A3A1-609ABC39F6FE"}, {"criteria": "cpe:2.3:a:symantec:client_security:3.1.401:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC74372F-329A-4597-810B-88B865771C9D"}, {"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2021:*:corporate:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D3CBEF5-25C6-41E8-97A3-2AA43134E619"}, {"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1:*:corporate:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81AE594C-41ED-4FE8-839D-B604AE8DC901"}, {"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.396:*:corporate:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4AB33BC0-813C-4944-9835-A1F62614CC97"}, {"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.400:*:corporate:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "423C4F6C-4D87-4604-9122-02E2F06FAFB7"}, {"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.401:*:corporate:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60BBE26A-E648-440F-9F08-AA7DD62D6C11"}, {"criteria": "cpe:2.3:a:symantec:reporting_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "953B6B3E-C3B9-40E6-95E6-911FFEA9A184", "versionEndIncluding": "1.0.197.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}