PT-1999-1645 · Microsoft+1 · Ms Exchange+2

Published

1999-04-09

Updated

2016-10-18

CVE-1999-1323

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Norton AntiVirus for Internet Email Gateways versions 1.0.1.7 and earlier Norton AntiVirus for MS Exchange versions 1.5 and earlier

Description: The issue concerns the storage of administrator passwords in cleartext. Specifically, the passwords are stored in the navieg.ini file for Norton AntiVirus for Internet Email Gateways and in the ModifyPassword registry key for Norton AntiVirus for MS Exchange.

Recommendations: For Norton AntiVirus for Internet Email Gateways versions 1.0.1.7 and earlier, consider restricting access to the navieg.ini file to minimize the risk of password exposure. For Norton AntiVirus for MS Exchange versions 1.5 and earlier, restrict access to the ModifyPassword registry key to prevent unauthorized password access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-1999-1323

Affected Products

Ms Exchange

Norton Antivirus For Internet Email Gateways

Norton Antivirus For Ms Exchange

PT-1999-1645 · Microsoft+1 · Ms Exchange+2

CVE-1999-1323

Related Identifiers

Affected Products

References · 2