CVE-2007-3022
Severity Score
4.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks.
Symantec Reporting Server 1.0.197.0, y otras versiones anteriores a 1.0.224.0, como se usan en Symantec Client Security 3.1 y posteriores, y Symantec AntiVirus corporate Edition (SAV CE) 10.1 y posteriores, muestra el resumen (hash) de la contraseƱa para un usuario tras un intento de acceso fallido, lo cual facilita a atacantes remotos llevar a cabo ataques de fuerza bruta.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-06-04 CVE Reserved
- 2007-06-05 CVE Published
- 2024-07-31 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/36108 | Vdb Entry | |
| http://secunia.com/advisories/25543 | Third Party Advisory | |
| http://www.securityfocus.com/bid/24312 | Vdb Entry | |
| http://www.securitytracker.com/id?1018196 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2007/2074 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34740 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.symantec.com/avcenter/security/Content/2007.06.05.html | 2017-07-29 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Symantec Search vendor "Symantec" | Client Security Search vendor "Symantec" for product "Client Security" | 3.1 Search vendor "Symantec" for product "Client Security" and version "3.1" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Client Security Search vendor "Symantec" for product "Client Security" | 3.1.394 Search vendor "Symantec" for product "Client Security" and version "3.1.394" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Client Security Search vendor "Symantec" for product "Client Security" | 3.1.396 Search vendor "Symantec" for product "Client Security" and version "3.1.396" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Client Security Search vendor "Symantec" for product "Client Security" | 3.1.400 Search vendor "Symantec" for product "Client Security" and version "3.1.400" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Client Security Search vendor "Symantec" for product "Client Security" | 3.1.401 Search vendor "Symantec" for product "Client Security" and version "3.1.401" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Norton Antivirus Search vendor "Symantec" for product "Norton Antivirus" | 10.0.2.2021 Search vendor "Symantec" for product "Norton Antivirus" and version "10.0.2.2021" | corporate |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Norton Antivirus Search vendor "Symantec" for product "Norton Antivirus" | 10.1 Search vendor "Symantec" for product "Norton Antivirus" and version "10.1" | corporate |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Norton Antivirus Search vendor "Symantec" for product "Norton Antivirus" | 10.1.396 Search vendor "Symantec" for product "Norton Antivirus" and version "10.1.396" | corporate |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Norton Antivirus Search vendor "Symantec" for product "Norton Antivirus" | 10.1.400 Search vendor "Symantec" for product "Norton Antivirus" and version "10.1.400" | corporate |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Norton Antivirus Search vendor "Symantec" for product "Norton Antivirus" | 10.1.401 Search vendor "Symantec" for product "Norton Antivirus" and version "10.1.401" | corporate |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Reporting Server Search vendor "Symantec" for product "Reporting Server" | <= 1.0.197.0 Search vendor "Symantec" for product "Reporting Server" and version " <= 1.0.197.0" | - |
Affected
| ||||||