Symantec Discovery Web Accounts Null Password

1077

06 March 2020

24 October 2005

CLOSED

MEDIUM

SUMMARY

 

Risk Impact
Medium

Remote Access

Yes

Local Access

Yes

Authentication Required

No

Exploit publicly available

NA

 

AFFECTED PRODUCTS

 

Product

Version

Solution

ON Command Discovery Standard Edition

4.5.x

Downloadable Updates

ON Command Discovery Web Edition

4.5.x

Downloadable Updates

Symantec Discovery

6.0

Downloadable Updates


Note: Product versions prior to 4.5.2 are no longer supported and updates are not available. Users of Symantec Discovery versions prior to 4.5.2 are encouraged to upgrade to a newer, supported product version.

ADDITIONAL PRODUCT INFORMATION

 

Product

Version

Build

Version of Symantec Discovery installed without the web application

All

All

 

ISSUES

 

Details
Symantec engineers have identified that during installation of Symantec Discovery, two database accounts, DiscoveryWeb and DiscoveryRO, are created with null passwords. Assigning a password to the DiscoveryWeb account will disable Symantec Discovery in its current configuration

 

MITIGATION

 

Symantec Response
A patch has been created to allow the DiscoveryWeb database account to be password protected. The DiscoveryRO account is only used in conjunction with the heat interface. It is recommended that this database account be removed unless used in conjunction with the heat interface. Scripts are also available for removing or adding the DiscoveryRO.

The patch and installation instructions are available from the Symantec website.

For ON Command Discovery Standard Edition:
http://www.symantec.com/techsupp/enterprise/products/oncmd/cmd_dis_std_45x/files.html

For ON Command Discovery Web Edition:
http://www.symantec.com/techsupp/enterprise/products/oncmd/cmd_dis_web_45x/files.html

For Symantec Discovery 6.0:
http://www.symantec.com/techsupp/enterprise/products/sdis/sdis_6x/files.html

Symantec is not aware of any active attempts against or organizations impacted by this issue.

As a part of normal best practices, users should keep vendor-supplied patches for all application software and operating systems up-to-date. Symantec strongly recommends any affected customers update their product immediately to protect against these types of threats