CVE-2005-3316

Published: Oct 27, 2005Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The installation of ON Symantec Discovery 4.5.x and Symantec Discovery 6.0 creates the (1) DiscoveryWeb and (2) DiscoveryRO database accounts with null passwords, which could allow attackers to gain privileges or prevent Discovery from running by setting another password.

Affected (3)

Products: Symantec: Discovery, On Command Discovery

2 products

On Command Discovery

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Symantec Discovery	Version 6.0
Symantec On Command Discovery	Version standard_4.5
Symantec On Command Discovery	Version web_4.5

References (10)

http://secunia.com/advisories/17302

Source: cve@mitre.org

http://securityreason.com/securityalert/112

Source: cve@mitre.org

http://securityresponse.symantec.com/avcenter/security/Content/2005.10.24.html

Source: cve@mitre.org

http://securitytracker.com/id?1015097

Source: cve@mitre.org

http://www.securityfocus.com/bid/15188

Source: cve@mitre.org

http://secunia.com/advisories/17302

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/112

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityresponse.symantec.com/avcenter/security/Content/2005.10.24.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1015097

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/15188

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.