SecurityvulnsSECURITYVULNS:DOC:19860Insomnia : ISVA-080516.2 - Altiris Deployment Solution - Domain Account Disclosure
Insomnia Security Vulnerability Advisory: ISVA-080516.2
Name: Altiris Deployment Solution - Domain Account Disclosure
Released: 16 May 2008
Vendor Link:
http://www.altiris.com/
Affected Products:
Altiris Deployment Solution 6.8.x & 6.9.x
Original Advisory:
http://www.insomniasec.com/advisories/ISVA-080516.2.htm
Researcher:
Brett Moore, Insomnia Security
http://www.insomniasec.com
Description
Altiris deployment solution is a suite installed to manage the
configuration and operation of machines on the network. Part of
the Deployment solution setup involves configuring the domain
accounts to be used to access the various clients for imaging
and configuration jobs.
Altiris deployment solution listens for connections from the
Altiris client on port 402. It is possible to make a request to
this port that will result in the encrypted domain credentials
being returned.
The encryption is not salted or specific to the install, allowing
for offsite decryption of the credentials.
Details
The retrieved encrypted credentials can be placed into a local
installation, through direct insertion into the SQL server
database. The GUI can then be used to view the decrypted
credentials.
Alternatively a standalone tool to decrypt the credentials could
easily be written.
Solution
Symantec have released a security update to address this issue;
http://www.symantec.com/avcenter/security/Content/2008.05.14a.html
Legals
The information is provided for research and educational purposes
only. Insomnia Security accepts no liability in any form whatsoever
for any direct or indirect damages associated with the use of this
information.
Insomnia Security Vulnerability Advisory: ISVA-080516.2