1. CVE-Search
  2. CVE-2008-2291
ID CVE-2008-2291
Summary axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess encrypted domain credentials.
References
Vulnerable Configurations
  • cpe:2.3:a:symantec:altiris_deployment_solution:6.8:-:*:*:*:*:*:*
    cpe:2.3:a:symantec:altiris_deployment_solution:6.8:-:*:*:*:*:*:*
  • cpe:2.3:a:symantec:altiris_deployment_solution:6.8:sp1:*:*:*:*:*:*
    cpe:2.3:a:symantec:altiris_deployment_solution:6.8:sp1:*:*:*:*:*:*
  • cpe:2.3:a:symantec:altiris_deployment_solution:6.8:sp2:*:*:*:*:*:*
    cpe:2.3:a:symantec:altiris_deployment_solution:6.8:sp2:*:*:*:*:*:*
  • cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1:*:*:*:*:*:*
    cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1:*:*:*:*:*:*
  • cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp2:*:*:*:*:*:*
    cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp2:*:*:*:*:*:*
  • cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp3:*:*:*:*:*:*
    cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp3:*:*:*:*:*:*
  • cpe:2.3:a:symantec:altiris_deployment_solution:6.9.164:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:altiris_deployment_solution:6.9.164:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 09-10-2019 - 22:55)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 29199
bugtraq
  • 20080515 ZDI-08-025: Symantec Altiris Deployment Solution Domain Credential Disclosure Vulnerability
  • 20080518 Insomnia : ISVA-080516.2 - Altiris Deployment Solution - Domain Account Disclosure
confirm http://www.symantec.com/avcenter/security/Content/2008.05.14a.html
hp
  • HPSBMA02369
  • SSRT080115
misc
sectrack 1020024
secunia 30261
vupen ADV-2008-1542
xf symantec-altiris-axengine-info-disclosure(42437)
Last major update 09-10-2019 - 22:55
Published 18-05-2008 - 14:20
Last modified 09-10-2019 - 22:55
Back to Top