CVE-2007-3022

Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks.

Published: Jun 5, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-3022
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
symantec / norton_antivirus	10.1	10.1.x
symantec / norton_antivirus	10.1.400	10.1.400.x
symantec / norton_antivirus	10.1.401	10.1.401.x
symantec / client_security	3.1.396	3.1.396.x
symantec / norton_antivirus	10.1.396	10.1.396.x
symantec / client_security	3.1.401	3.1.401.x
symantec / client_security	3.1.400	3.1.400.x
symantec / reporting_server	-	1.0.197.0.x
symantec / client_security	3.1	3.1.x
symantec / client_security	3.1.394	3.1.394.x
symantec / norton_antivirus	10.0.2.2021	10.0.2.2021.x

Vulnerability Database

289,697

CVE-2007-3022