7.5

CVE-2008-2291

axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess encrypted domain credentials.

Data is provided by the National Vulnerability Database (NVD)
SymantecAltiris Deployment Solution Version >= 6.9 < 6.9.176
SymantecAltiris Deployment Solution Version6.8 Update-
SymantecAltiris Deployment Solution Version6.8 Updatesp1
SymantecAltiris Deployment Solution Version6.8 Updatesp2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 2.17% 0.836
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
http://marc.info/?l=bugtraq&m=122167472229965&w=2
Third Party Advisory
Mailing List
http://www.securitytracker.com/id?1020024
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/29199
Third Party Advisory
VDB Entry