Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2008-6828 | First vendor Publication | 2009-06-08 |
| Vendor | Cve | Last vendor Modification | 2024-02-14 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | |||
|---|---|---|---|
| Overall CVSS Score | 7.8 | ||
| Base Score | 7.8 | Environmental Score | 7.8 |
| impact SubScore | 5.9 | Temporal Score | 7.8 |
| Exploitabality Sub Score | 1.8 | ||
| Attack Vector | Local | Attack Complexity | Low |
| Privileges Required | Low | User Interaction | None |
| Scope | Unchanged | Confidentiality Impact | High |
| Integrity Impact | High | Availability Impact | High |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:S/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 4.3 | Attack Range | Local |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 3.1 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6828 |
CAPEC : Common Attack Pattern Enumeration & Classification
| Id | Name |
|---|---|
| CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies |
| CAPEC-37 | Lifting Data Embedded in Client Distributions |
| CAPEC-65 | Passively Sniff and Capture Application Code Bound for Authorized Client |
| CAPEC-117 | Data Interception Attacks |
| CAPEC-155 | Screen Temporary Files for Sensitive Information |
| CAPEC-157 | Sniffing Attacks |
| CAPEC-167 | Lifting Sensitive Data from the Client |
| CAPEC-204 | Lifting cached, sensitive data embedded in client distributions (thick or thin) |
| CAPEC-205 | Lifting credential(s)/key material embedded in client distributions (thick or... |
| CAPEC-258 | Passively Sniffing and Capturing Application Code Bound for an Authorized Cli... |
| CAPEC-259 | Passively Sniffing and Capturing Application Code Bound for an Authorized Cli... |
| CAPEC-260 | Passively Sniffing and Capturing Application Code Bound for an Authorized Cli... |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-312 | Cleartext Storage of Sensitive Information |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 54976 | Symantec Altiris Deployment Solution Application Identity Account Cleartext P... |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2008-11-25 | Name : The remote Windows host has a program that is affected by a password disclosu... File : altiris_deployment_solution_server_6_9_355.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-02-14 21:28:18 |
|
| 2021-05-05 01:05:33 |
|
| 2021-05-04 12:08:51 |
|
| 2021-04-22 01:09:10 |
|
| 2020-05-24 01:05:25 |
|
| 2020-05-23 00:23:02 |
|
| 2018-11-01 12:02:26 |
|
| 2017-08-17 09:22:24 |
|
| 2016-04-26 18:26:08 |
|
| 2014-02-17 10:48:01 |
|
| 2013-05-11 00:37:42 |
|
