Hardcoded Key Vulnerability in Symantec Altiris Notification Server
CVE-2009-3035

Currently unrated

Key Information:

Vendor: Symantec
Status: Altiris Notification Server
Vendor: CVE Published:; 2 February 2010

Summary

The web console in versions of Symantec Altiris Notification Server prior to 6.0 SP3 R12 contains a significant vulnerability due to the presence of a hardcoded key. This key can be utilized to decrypt both SQL Server credentials and various discovery credentials stored on the system. As it resides on the Notification Server machine, local users can potentially exploit this weakness to extract sensitive information. Additionally, this vulnerability may allow them to execute arbitrary code by leveraging the decrypted credentials, posing a serious risk to the integrity and security of the affected systems.

References

http://secunia.com/advisories/38356

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/37953

vdb-entryx_refsource_BID

http://osvdb.org/62010

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Feb 2, 2010
Vulnerability Reserved
Aug 31, 2009