Memory Password Exposure in Symantec Altiris Deployment Solution
CVE-2008-6828

7.8HIGH

Key Information:

Vendor
Symantec
Status
Altiris Deployment Solution
Vendor
CVE Published:
8 June 2009

Summary

The Altiris Deployment Solution by Symantec exhibits a vulnerability where the Application Identity Account password is stored in cleartext within the system memory. This design flaw permits local users to exploit this exposure, potentially gaining elevated privileges and tampering with the clients of the Deployment Solution Server. Such vulnerabilities can lead to unauthorized access and manipulation of critical system components.

References

http://securityresponse.symantec.com/avcenter/security/Co...
x_refsource_CONFIRM
http://secunia.com/advisories/31773
third-party-advisoryx_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/46007
vdb-entryx_refsource_XF

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.