The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded key that can decrypt SQL Server credentials and certain discovery credentials, and stores this key on the Notification Server machine, which allows local users to obtain sensitive information and possibly execute arbitrary code by decrypting and using these credentials.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2010-02-02T16:25:00
Updated: 2017-08-16T14:57:01
Reserved: 2009-08-31T00:00:00
Link: CVE-2009-3035
NVD Information
Status: Modified
Published: 2010-02-02T16:30:02.127
Modified: 2017-08-17T01:31:01.117
Link: CVE-2009-3035