Vulnerability Description
Symantec Ghost 7.0 stores usernames and passwords in plaintext in the NGServer\params registry key, which could allow an attacker to gain privileges.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Norton Ghost | 7.0 |
References
- http://marc.info/?l=bugtraq&m=101529792821615&w=2
- http://online.securityfocus.com/archive/1/258293ExploitPatchVendor Advisory
- http://www.iss.net/security_center/static/8305.phpVendor Advisory
- http://www.securityfocus.com/bid/4181ExploitVendor Advisory
- http://marc.info/?l=bugtraq&m=101529792821615&w=2
- http://online.securityfocus.com/archive/1/258293ExploitPatchVendor Advisory
- http://www.iss.net/security_center/static/8305.phpVendor Advisory
- http://www.securityfocus.com/bid/4181ExploitVendor Advisory
FAQ
What is CVE-2002-0345?
CVE-2002-0345 is a vulnerability with a CVSS score of 7.5 (HIGH). Symantec Ghost 7.0 stores usernames and passwords in plaintext in the NGServer\params registry key, which could allow an attacker to gain privileges.
How severe is CVE-2002-0345?
CVE-2002-0345 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0345?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Norton Ghost.