icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Symantec Altiris Notification Server 6.0 < SP3 R12 Static Encryption Key

High

Synopsis

The remote host is vulnerable to an information disclosure vulnerability.

Description

The remote host is running Symantec Altiris Notification Server 6.0 earlier than SP3 R12. Such versions are potentially affected by a local information disclosure vulnerability because the application uses a static encryption key for encrypted credentials entered by the administrator. An attacker, exploiting this flaw, could view unauthorized information or possibly execute code.

Solution

Upgrade to Altiris Notification Server 6.0 SP3 R12 or later.