Description
Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks.
References (7)
Core References
https://exchange.xforce.ibmcloud.com/vulnerabilities/34740 (x_refsource_xf; Third Party Advisory, VDB Entry; vdb-entry)
http://www.securityfocus.com/bid/24312 (x_refsource_bid; Third Party Advisory, VDB Entry; vdb-entry)
http://osvdb.org/36108 (x_refsource_osvdb; Third Party Advisory, VDB Entry; vdb-entry)
http://www.symantec.com/avcenter/security/Content/2007.06.05.html (x_refsource_confirm; Patch)
http://www.securitytracker.com/id?1018196 (x_refsource_sectrack; Third Party Advisory, VDB Entry; vdb-entry)
http://www.vupen.com/english/advisories/2007/2074 (x_refsource_vupen; Third Party Advisory; vdb-entry)
http://secunia.com/advisories/25543 (x_refsource_secunia; Third Party Advisory; third-party-advisory)
Scores
EPSS: 0.0095
EPSS Percentile: 76.6%
Details
Status: published
Products (11)
symantec/client_security 3.1
symantec/client_security 3.1.394
symantec/client_security 3.1.396
symantec/client_security 3.1.400
symantec/client_security 3.1.401
symantec/norton_antivirus 10.0.2.2021
symantec/norton_antivirus 10.1
symantec/norton_antivirus 10.1.396
symantec/norton_antivirus 10.1.400
symantec/norton_antivirus 10.1.401
... and 1 more
Published: Jun 05, 2007
Tracked Since: Feb 18, 2026