Symantec Reporting Server Authentication Bypass Vulnerability
TITLE: Symantec Reporting Server Authentication Bypass Vulnerability
CLASS: Design Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 05 2007 12:00AM
UPDATE: Jun 06 2007 05:10PM
CREDIT: This issue was discovered internally by the vendor.
VULNERABLE:
Symantec Reporting Server 1.0.197.0
NOT VULNERABLE:
Symantec Client Security 3.1 .401
Symantec Client Security 3.1 .400
Symantec Client Security 3.1 .396
Symantec Client Security 3.1 .394
Symantec Client Security 3.1
Symantec AntiVirus Corporate Edition 10.1 .401
Symantec AntiVirus Corporate Edition 10.1 .400
Symantec AntiVirus Corporate Edition 10.1 .396
Symantec AntiVirus Corporate Edition 10.1 .394
Symantec AntiVirus Corporate Edition 10.1
Symantec Reporting Server 1.0.224.0
Symantec Client Security 3.1.6.6000
Symantec AntiVirus Corporate Edition 10.1.6.600
Go to the original page on Security Focus
Discussion
Symantec Reporting Server is prone to an authentication-bypass vulnerability.
An attacker can exploit this issue to gain access to the reporting database.
Exploit
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Solution
The vendor released an update and an advisory to address this issue. Please see the references for more information.
References
- SYM07-011: Symantec Reporting Server Password Disclosure (Symantec)
- Symantec Client Security Homepage (Symantec)
- Symantec Reporting Server Homepage (Symantec)
- SYM07-011 Symantec Reporting Server password disclosure (Symantec)