CVE-2007-2360

Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the credentials by calculating the key.

Published: May 1, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-2360
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:L/AC:L/Au:S/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
symantec / norton_ghost	10.0	10.0.x
symantec / norton_save_and_recovery	11.01	11.01.x
symantec / norton_ghost	10.01	10.01.x
symantec / norton_save_and_recovery	11.0	11.0.x
symantec / backupexec_system_recovery	6.53	6.53.x
symantec / norton_save_and_recovery	1.01	1.01.x
symantec / livestate_recovery	6.01	6.01.x
symantec / backupexec_system_recovery	6.52a	6.52a.x
symantec / backupexec_system_recovery	6.5	6.5.x
symantec / livestate_recovery	6.0	6.0.x
symantec / backupexec_system_recovery	6.52	6.52.x
symantec / norton_save_and_recovery	1.01b	1.01b.x
symantec / norton_save_and_recovery	11.01b	11.01b.x
symantec / livestate_recovery	6.02	6.02.x

Vulnerability Database

290,206

CVE-2007-2360