Vulnerabilities > CVE-2006-1284 - Local Administrative Authentication Credentials Disclosure vulnerability in Symantec Ghost Solutions Suite and Norton Ghost

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

symantec

NVD

Published: 2006-03-19

Updated: 2011-03-08

Summary

The installation of SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, includes a default administrator login account and password, which allows local users to gain privileges or modify tasks.

Vulnerable Configurations

Part	Description	Count
Application	Symantec Symantec Ghost Solutions Suite 1.0 Symantec Norton Ghost 8.0 Symantec Norton Ghost 8.2	3

References

http://secunia.com/advisories/19171
http://securityresponse.symantec.com/avcenter/security/Content/2006.03.07.html
http://securitytracker.com/id?1015733
http://www.securityfocus.com/bid/17018
http://www.vupen.com/english/advisories/2006/0870