Credential Disclosure in Symantec Altiris Deployment Solution
CVE-2008-2291

Currently unrated

Key Information:

Vendor: Symantec
Status: Altiris Deployment Solution
Vendor: CVE Published:; 18 May 2008

Summary

The axengine.exe component of Symantec's Altiris Deployment Solution versions 6.8.x and 6.9.x prior to 6.9.176 is susceptible to a security flaw that leads to the generation of domain credentials using a fixed salt or without any salt. This vulnerability allows remote attackers to potentially guess encrypted domain credentials, leading to unauthorized access. Mitigating this risk is crucial for maintaining the security and integrity of affected systems.

References

http://www.insomniasec.com/advisories/ISVA-080516.2.htm

x_refsource_MISC

http://www.securityfocus.com/archive/1/492228/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.vupen.com/english/advisories/2008/1542/references

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
May 18, 2008
Vulnerability Reserved
May 18, 2008