CVE-2009-3035
Symantec Altiris Notification Server 6.0.x - Hardcoded Key Credential Disclosure
Title source: llmDescription
The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded key that can decrypt SQL Server credentials and certain discovery credentials, and stores this key on the Notification Server machine, which allows local users to obtain sensitive information and possibly execute arbitrary code by decrypting and using these credentials.
References (7)
Core 7
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/38356
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37953
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/62010
Third Party Advisory x_refsource_confirm
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100128_00
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1023521
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/55952
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0256
Scores
EPSS
0.0009
EPSS Percentile
25.5%
Details
CWE
CWE-255
Status
published
Products (1)
symantec/altiris_notification_server
6.0 (6 CPE variants)
Published
Feb 02, 2010
Tracked Since
Feb 18, 2026