Symantec pcAnywhere Remote User Credential Disclosure
1115
06 March 2020
09 May 2007
CLOSED
LOW
SUMMARY
Symantec pcAnywhere fails to properly protect remote user credentials stored in memory.
Risk Impact
Low
Remote Access | No
Local Access | Yes
Authentication Required | Yes
Exploit publicly available | No
AFFECTED PRODUCTS
Products | Versions
Symantec pcAnywhere | 11.5.x (No longer supported); 12.0.x
Note: Symantec pcAnywhere version 11.5.x is no longer a supported product. However, a fix for this version is being developed and will be available at a later date. This fix will be made available on an as-is basis with no support available. Users who wish to have full product support are encouraged to upgrade to the latest supported version.
ISSUES
Details
A remote user’s connection credentials are stored in clear text within the Symantec pcAnywhere host server’s process memory when a remote session is requested. The credentials of the last remote user to log in remain in clear text in memory while the Symantec pcAnywhere host is active on the host machine. The credentials of a remote user requesting a session connection can be compromised if a user with administrative rights on the host machine uses tools to dump the process memory and searches it for the remote user's credentials.
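The pattern described above, as an added illustration in C that is not Symantec's code or its fix: a hypothetical session record that keeps the cleartext for the session's lifetime, beside a variant that wipes it once the check is done. All names (`struct session`, `login_weak`, `login_hardened`, `has_residue`) and the sample credentials are assumptions constructed for this example.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical host-side session record (names are illustrative). */
struct session {
    char user[32];
    char password[64];  /* cleartext, needed only while the login is checked */
    int  authenticated;
};

/* Zero a buffer through a volatile pointer so the compiler cannot
 * discard the stores as dead writes. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Stand-in for the real credential check (assumption: compares against a
 * constructed sample value; a real host would call the OS or a verifier). */
static int check_credentials(const char *user, const char *pw) {
    return strcmp(user, "alice") == 0 && strcmp(pw, "S3ssion-Pass!") == 0;
}

/* Weak pattern: the cleartext stays in the record for the session lifetime. */
int login_weak(struct session *s, const char *user, const char *pw) {
    memset(s, 0, sizeof *s);
    strncpy(s->user, user, sizeof s->user - 1);
    strncpy(s->password, pw, sizeof s->password - 1);
    s->authenticated = check_credentials(s->user, s->password);
    return s->authenticated;
}

/* Hardened pattern: wipe the cleartext as soon as the check is done,
 * whether the login succeeded or failed. */
int login_hardened(struct session *s, const char *user, const char *pw) {
    int ok = login_weak(s, user, pw);
    secure_wipe(s->password, sizeof s->password);
    return ok;
}

/* Regression check: does the record still contain the secret bytes? */
int has_residue(const struct session *s, const char *secret) {
    const unsigned char *m = (const unsigned char *)s;
    size_t n = strlen(secret);
    for (size_t i = 0; n && i + n <= sizeof *s; i++)
        if (memcmp(m + i, secret, n) == 0) return 1;
    return 0;
}
```

Wiping shortens the time the cleartext is resident but does not remove it during the check itself, and any other copies (input or network buffers) need the same treatment.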
MITIGATION
Mitigations
Limit access to the administrator account. Without administrative access, the heap memory cannot be dumped and the remote credentials cannot be discovered.
Symantec Response
Symantec has released updates for all affected product versions currently supported by Symantec. These updates are available through Symantec’s LiveUpdate.
To date, Symantec is not aware of any reported attempts to exploit this vulnerability.
ACKNOWLEDGEMENTS
Symantec would like to thank Jeremy Lebourdais of EdelWeb for reporting this issue to Symantec, and working with us on the resolution.