Insecure Password Storage in Symantec Norton Ghost and Related Products
CVE-2007-2361

Currently unrated

Key Information:

Vendor: Symantec
Status: Norton Ghost; Norton Save And Recovery; Backupexec System Recovery; Livestate Recovery
Vendor: CVE Published:; 30 April 2007

Summary

The products from Symantec, including Norton Ghost and related backup tools, exhibit a critical vulnerability due to weak permissions set on a configuration file containing network share credentials. This vulnerability occurs when remote backups of restore point images are configured, granting local users the ability to read the file and obtain sensitive credentials. This misconfiguration leads to unauthorized access, putting the integrity of the backup process at risk and potentially compromising the security of the system.

References

http://www.securitytracker.com/id?1017971

vdb-entryx_refsource_SECTRACK

http://www.vupen.com/english/advisories/2007/1552

vdb-entryx_refsource_VUPEN

http://labs.idefense.com/intelligence/vulnerabilities/dis...

third-party-advisoryx_refsource_IDEFENSE

Timeline

Vulnerability published
Apr 30, 2007
Vulnerability Reserved
Apr 30, 2007