Security Flaw in Symantec Ghost 7.0 Exposes User Credentials
CVE-2002-0345

Currently unrated

Key Information:

Vendor: Symantec
Status: Norton Ghost
Vendor: CVE Published:; 25 June 2002

Summary

Symantec Ghost 7.0 has a vulnerability where it stores usernames and passwords in plaintext within the NGServer\params registry key. This insecure storage method can potentially allow unauthorized users to access sensitive information, leading to privilege escalation. Attackers could exploit this flaw to gain high levels of access to system resources, including the ability to manipulate system settings and data.

References

http://online.securityfocus.com/archive/1/258293

mailing-listx_refsource_BUGTRAQ

http://marc.info/?l=bugtraq&m=101529792821615&w=2

mailing-listx_refsource_BUGTRAQ

http://www.iss.net/security_center/static/8305.php

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jun 25, 2002
Vulnerability Reserved
May 1, 2002