Detections
Analytics

Altiris Deployment Solution Server < 6.9.355 Password Disclosure (SYM08-020)

low Nessus Plugin ID 34964

Language:

Synopsis

The remote Windows host has a program that is affected by a password disclosure vulnerability.

Description

The version of the Altiris Deployment Solution installed on the remote host reportedly is affected by a password disclosure vulnerability. Altiris Deployment Solution Server reportedly stores 'Application Identity Account password' in the system memory in plain-text. It may be possible for an authorized non-privileged user to retrieve this password and make unauthorized modifications to the client systems. The level of unauthorized access depends on the user group under which Application Identity Account was registered during installation

Solution

Upgrade to Altiris Deployment Solution 6.9 Build 355 or later.

See Also

http://www.symantec.com/avcenter/security/Content/2008.10.20b.html

Plugin Details

Severity: Low

ID: 34964

File Name: altiris_deployment_solution_server_6_9_355.nasl

Version: 1.11

Type: remote

Agent: windows

Family: Windows

Published: 11/25/2008

Updated: 6/27/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2008-6828

BID: 31767

CWE: 310

Secunia: 31773