{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-04-26T00:00:00", "descriptions": [{"lang": "en", "value": "Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the credentials by calculating the key."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2007-05-04T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1017971", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1017971"}, {"name": "ADV-2007-1552", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1552"}, {"name": "20070426 Symantec Norton Ghost 10 Recovery Points Insecure Password Storage Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=520"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.symantec.com/avcenter/security/Content/2007.04.26.html"}, {"name": "25013", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25013"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2360", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the credentials by calculating the key."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1017971", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017971"}, {"name": "ADV-2007-1552", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1552"}, {"name": "20070426 Symantec Norton Ghost 10 Recovery Points Insecure Password Storage Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=520"}, {"name": "http://www.symantec.com/avcenter/security/Content/2007.04.26.html", "refsource": "CONFIRM", "url": "http://www.symantec.com/avcenter/security/Content/2007.04.26.html"}, {"name": "25013", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25013"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:33:28.557Z"}, "title": "CVE Program Container", "references": [{"name": "1017971", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1017971"}, {"name": "ADV-2007-1552", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1552"}, {"name": "20070426 Symantec Norton Ghost 10 Recovery Points Insecure Password Storage Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE", "x_transferred"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=520"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.symantec.com/avcenter/security/Content/2007.04.26.html"}, {"name": "25013", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25013"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2360", "datePublished": "2007-04-30T22:00:00", "dateReserved": "2007-04-30T00:00:00", "dateUpdated": "2024-08-07T13:33:28.557Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "D0598D0E-0BCA-4711-89DE-53C528D9015B", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:6.52:*:*:*:*:*:*:*", "matchCriteriaId": "8BAB9A49-0311-4D33-8F58-F1228CABA8EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:6.52a:*:*:*:*:*:*:*", "matchCriteriaId": "2942EF66-62D1-49F9-A38C-BFEEAD22F62E", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:backupexec_system_recovery:6.53:*:*:*:*:*:*:*", "matchCriteriaId": "CC7F5F20-B428-4754-9274-F16BC01E8957", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:livestate_recovery:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "33F3C4CA-B6D1-4B7A-9C98-8CE0A71C86DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:livestate_recovery:6.01:*:*:*:*:*:*:*", "matchCriteriaId": "5E137FF2-AEC3-48CD-B744-76615B433554", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:livestate_recovery:6.02:*:*:*:*:*:*:*", "matchCriteriaId": "880D2EE8-DB5C-478A-86F6-1960C1F68E52", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:norton_ghost:10.0:*:dell:*:*:*:*:*", "matchCriteriaId": "48289358-FC5D-4CC9-B420-365B1FB842F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:norton_ghost:10.0:*:norton_system_works:*:*:*:*:*", "matchCriteriaId": "6A43FA5B-E637-41B3-BCD9-A3DF2A372DE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:norton_ghost:10.01:*:*:*:*:*:*:*", "matchCriteriaId": "3F6128F8-5BE1-4A5A-BCEF-D0C9F94E306E", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:norton_save_and_recovery:1.01:*:sony_euro:*:*:*:*:*", "matchCriteriaId": "A059387D-6A4E-4F23-B16F-9C04601A556D", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:norton_save_and_recovery:1.01b:*:norton_system_works_2007:*:*:*:*:*", "matchCriteriaId": "D4EE821D-CCA3-43C7-8044-31F9373AA8FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:norton_save_and_recovery:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "8881CCEE-CDC3-4634-AD25-C705FD8BDE9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:norton_save_and_recovery:11.01:*:*:*:*:*:*:*", "matchCriteriaId": "DD4775B1-3712-429D-9227-824CFAB69FE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:norton_save_and_recovery:11.01b:*:*:*:*:*:*:*", "matchCriteriaId": "082E74B5-1045-4BCF-93A2-AF0AFF4EAA00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the credentials by calculating the key."}, {"lang": "es", "value": "Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, y BackupExec System Recovery anterior a 20070426, cuando est\u00e1n los backups remotos de las im\u00e1genes del punto de restauraci\u00f3n configurados, cifra las credenciales de la parte de la red con una llave formada por un hash del username, que permite que los usuarios locales obtengan las credenciales calculando la llave."}], "evaluatorImpact": "\"In order for this exploit to have an impact, administrators would either have to configure client machines to save restore points images to a private share, or the vulnerable machine would have to be shared by several users who each saved their restore points images to private shares.\"", "id": "CVE-2007-2360", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-04-30T22:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=520"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/25013"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1017971"}, {"source": "cve@mitre.org", "url": "http://www.symantec.com/avcenter/security/Content/2007.04.26.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1552"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=520"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25013"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017971"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.symantec.com/avcenter/security/Content/2007.04.26.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1552"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}