Description
The installation of ON Symantec Discovery 4.5.x and Symantec Discovery 6.0 creates the (1) DiscoveryWeb and (2) DiscoveryRO database accounts with null passwords, which could allow attackers to gain privileges or prevent Discovery from running by setting another password.
References (5)
Core 5
Core References
Various Sources x_refsource_confirm
http://securityresponse.symantec.com/avcenter/security/Content/2005.10.24.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015097
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/112
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15188
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17302
Scores
EPSS
0.0091
EPSS Percentile
76.0%
Details
Status
published
Products (3)
symantec/discovery
6.0
symantec/on_command_discovery
standard_4.5
symantec/on_command_discovery
web_4.5
Published
Oct 27, 2005
Tracked Since
Feb 18, 2026