Symantec Discovery Web Accounts Null Password

2005.10.25
Credit: vendor
Risk: Medium
Local: Yes
Remote: Yes
CWE: N/A


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Symantec engineers have identified that during installation of Symantec Discovery, two database accounts, DiscoveryWeb and DiscoveryRO, are created with null passwords. Assigning a password to the DiscoveryWeb account will disable Symantec Discovery in its current configuration.

Symantec Response

A patch has been created to allow the DiscoveryWeb database account to be password protected. The DiscoveryRO account is only used in conjunction with the heat interface. It is recommended that this database account be removed unless used in conjunction with the heat interface. Scripts are also available for removing or adding the DiscoveryRO account.

The patch and installation instructions are available from the Symantec website.

For ON Command Discovery Standard Edition:
http://www.symantec.com/techsupp/enterprise/products/oncmd/cmd_dis_std_45x/files.html

For ON Command Discovery Web Edition:
http://www.symantec.com/techsupp/enterprise/products/oncmd/cmd_dis_web_45x/files.html

For Symantec Discovery 6.0:
http://www.symantec.com/techsupp/enterprise/products/sdis/sdis_6x/files.html

Symantec is not aware of any active attempts against or organizations impacted by this issue.

As a part of normal best practices, users should keep vendor-supplied patches for all application software and operating systems up-to-date. Symantec strongly recommends any affected customers update their product immediately to protect against these types of threats.


Copyright 2024, cxsecurity.com