Vulnerabilities > CVE-2005-3316 - Unspecified vulnerability in Symantec Discovery and ON Command Discovery

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

symantec

NVD

Published: 2005-10-27

Updated: 2013-07-07

Summary

The installation of ON Symantec Discovery 4.5.x and Symantec Discovery 6.0 creates the (1) DiscoveryWeb and (2) DiscoveryRO database accounts with null passwords, which could allow attackers to gain privileges or prevent Discovery from running by setting another password.

Vulnerable Configurations

Part	Description	Count
Application	Symantec Symantec Discovery 6.0 Symantec ON Command Discovery Standard_4.5 Symantec ON Command Discovery Web_4.5	3

References

http://secunia.com/advisories/17302
http://securityreason.com/securityalert/112
http://securityresponse.symantec.com/avcenter/security/Content/2005.10.24.html
http://securitytracker.com/id?1015097
http://www.securityfocus.com/bid/15188