CVE-2007-2360

Published Apr 30, 2007

Last updated 14 years ago

Overview

Description
Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the credentials by calculating the key.
Source
cve@mitre.org
NVD status
Modified

Social media

Hype score
Not currently trending

Risk scores

CVSS 2.0

Type
Primary
Base score
6.8
Impact score
10
Exploitability score
3.1
Vector string
AV:L/AC:L/Au:S/C:C/I:C/A:C

Weaknesses

nvd@nist.gov
NVD-CWE-Other

Evaluator

Comment
-
Impact
"In order for this exploit to have an impact, administrators would either have to configure client machines to save restore points images to a private share, or the vulnerable machine would have to be shared by several users who each saved their restore points images to private shares."
Solution
"In order for this exploit to have an impact, administrators would either have to configure client machines to save restore points images to a private share, or the vulnerable machine would have to be shared by several users who each saved their restore points images to private shares."

Configurations