CVE-2005-3316

The installation of ON Symantec Discovery 4.5.x and Symantec Discovery 6.0 creates the (1) DiscoveryWeb and (2) DiscoveryRO database accounts with null passwords, which could allow attackers to gain privileges or prevent Discovery from running by setting another password.

Published: Oct 27, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-3316
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
symantec / discovery	6.0	6.0.x
symantec / on_command_discovery	standard_4.5	standard_4.5.x
symantec / on_command_discovery	web_4.5	web_4.5.x

http://secunia.com/advisories/17302
http://securityreason.com/securityalert/112
http://securityresponse.symantec.com/avcenter/security/Content/2005.10.24.html
http://securitytracker.com/id?1015097
http://www.securityfocus.com/bid/15188

Vulnerability Database

289,599

CVE-2005-3316