CVE-2007-3022

Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.symantec.com/avcenter/security/Content/2007.06.05.html	Patch
http://www.securityfocus.com/bid/24312
http://www.securitytracker.com/id?1018196
http://secunia.com/advisories/25543
http://www.vupen.com/english/advisories/2007/2074
http://osvdb.org/36108
https://exchange.xforce.ibmcloud.com/vulnerabilities/34740

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:symantec:norton_antivirus:10.1.396::corporate:::::
	cpe:2.3:a:symantec:norton_antivirus:10.1.400::corporate:::::
	cpe:2.3:a:symantec:client_security:3.1.401:::::::*
	cpe:2.3:a:symantec:norton_antivirus:10.0.2.2021::corporate:::::
	cpe:2.3:a:symantec:client_security:3.1:::::::*
	cpe:2.3:a:symantec:client_security:3.1.394:::::::*
	cpe:2.3:a:symantec:norton_antivirus:10.1.401::corporate:::::
	cpe:2.3:a:symantec:norton_antivirus:10.1::corporate:::::
	cpe:2.3:a:symantec:client_security:3.1.396:::::::*
	cpe:2.3:a:symantec:client_security:3.1.400:::::::*
	cpe:2.3:a:symantec:reporting_server::::::::

Information

Published : 2007-06-05 14:30

Updated : 2017-07-28 18:31

NVD link : CVE-2007-3022

Mitre link : CVE-2007-3022

JSON object : View

CWE

NVD-CWE-Other

Products Affected

symantec

reporting_server
client_security
norton_antivirus

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.symantec.com/avcenter/security/Content/2007.06.05.html", "name": "http://www.symantec.com/avcenter/security/Content/2007.06.05.html", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/24312", "name": "24312", "tags": [], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id?1018196", "name": "1018196", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/25543", "name": "25543", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2007/2074", "name": "ADV-2007-2074", "tags": [], "refsource": "VUPEN"}, {"url": "http://osvdb.org/36108", "name": "36108", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34740", "name": "symantec-reporting-information-disclosure(34740)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-3022", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-06-05T21:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:10.1.396:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:10.1.400:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:client_security:3.1.401:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2021:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:client_security:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:client_security:3.1.394:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:10.1.401:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:10.1:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:client_security:3.1.396:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:client_security:3.1.400:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:reporting_server:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.0.197.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-29T01:31Z"}

4.3 /10