Symantec Altiris Notification Server 6.0 < SP3 R12 Static Encryption Key

High Nessus Network Monitor Plugin ID 5330


The remote host is vulnerable to an information disclosure vulnerability.


The remote host is running Symantec Altiris Notification Server 6.0 earlier than SP3 R12. Such versions are potentially affected by a local information disclosure vulnerability because the application uses a static encryption key for encrypted credentials entered by the administrator. An attacker, exploiting this flaw, could view unauthorized information or possibly execute code.


Upgrade to Altiris Notification Server 6.0 SP3 R12 or later.

See Also

Plugin Details

Severity: High

ID: 5330

File Name: 5330.prm

Family: CGI

Published: 2010/01/29

Modified: 2016/01/15

Dependencies: 1442

Nessus ID: 44339

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C


Base Score: 7.3

Temporal Score: 6.4


Temporal Vector: CVSS3#E:U/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2010/01/28

Vulnerability Publication Date: 2010/01/28

Reference Information

CVE: CVE-2009-3035

BID: 37953

OSVDB: 62010