QwikSec

Security Database

CVE

CWE

Training

CVE-2009-3035

Published: Feb 2, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded key that can decrypt SQL Server credentials and certain discovery credentials, and stores this key on the Notification Server machine, which allows local users to obtain sensitive information and possibly execute arbitrary code by decrypting and using these credentials.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_OSVDB

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100128_00

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

symantec-ans-key-unauth-access(55952)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_VUPEN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.