CVE-2007-3022
First published: Tue Jun 05 2007(Updated: )
Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec Client Security | =3.1 | |
| Symantec Client Security | =3.1.394 | |
| Symantec Client Security | =3.1.396 | |
| Symantec Client Security | =3.1.400 | |
| Symantec Client Security | =3.1.401 | |
| Symantec Norton Antivirus with Backup | =10.0.2.2021 | |
| Symantec Norton Antivirus with Backup | =10.1 | |
| Symantec Norton Antivirus with Backup | =10.1.396 | |
| Symantec Norton Antivirus with Backup | =10.1.400 | |
| Symantec Norton Antivirus with Backup | =10.1.401 | |
| Symantec Reporting Server | <=1.0.197.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.symantec.com/avcenter/security/Content/2007.06.05.html
- http://www.securityfocus.com/bid/24312
- http://www.securitytracker.com/id?1018196
- http://secunia.com/advisories/25543
- http://www.vupen.com/english/advisories/2007/2074
- http://osvdb.org/36108
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34740
Frequently Asked Questions
What is the severity of CVE-2007-3022?
CVE-2007-3022 is considered a high severity vulnerability due to the exposure of user password hashes after failed login attempts.
How do I fix CVE-2007-3022?
To fix CVE-2007-3022, upgrade to Symantec Reporting Server version 1.0.224.0 or later.
What products are affected by CVE-2007-3022?
CVE-2007-3022 affects Symantec Reporting Server, Symantec Client Security versions before 3.1, and Symantec AntiVirus Corporate Edition versions 10.1 and later.
Can CVE-2007-3022 be exploited remotely?
Yes, CVE-2007-3022 can be exploited remotely by attackers to obtain password hashes.
What is the impact of CVE-2007-3022 on security?
The impact of CVE-2007-3022 is significant, as it allows attackers to potentially compromise user accounts by cracking the exposed password hashes.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/remedy
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/symantec
- canonical/symantec client security
- version/symantec client security/3.1
- version/symantec client security/3.1.394
- version/symantec client security/3.1.396
- version/symantec client security/3.1.400
- version/symantec client security/3.1.401
- canonical/symantec norton antivirus with backup
- version/symantec norton antivirus with backup/10.0.2.2021
- version/symantec norton antivirus with backup/10.1
- version/symantec norton antivirus with backup/10.1.396
- version/symantec norton antivirus with backup/10.1.400
- version/symantec norton antivirus with backup/10.1.401
- canonical/symantec reporting server
- version/symantec reporting server/1.0.197.0