Symantec Altiris Notification Server 6.0 < SP3 R12 Static Encryption Key
High Nessus Network Monitor Plugin ID 5330
SynopsisThe remote host is vulnerable to an information disclosure vulnerability.
DescriptionThe remote host is running Symantec Altiris Notification Server 6.0 earlier than SP3 R12. Such versions are potentially affected by a local information disclosure vulnerability because the application uses a static encryption key for encrypted credentials entered by the administrator. An attacker, exploiting this flaw, could view unauthorized information or possibly execute code.
SolutionUpgrade to Altiris Notification Server 6.0 SP3 R12 or later.