Symantec pcAnywhere Remote User Credential Disclosure

1115

06 March 2020

09 May 2007

CLOSED

LOW

SUMMARY

 

Symantec pcAnywhere fails to properly protect remote user credentials stored in memory.

Risk Impact
Low

Remote Access

No

Local Access

Yes

Authentication Required

Yes

Exploit publicly available

No

 

AFFECTED PRODUCTS

 

Products

Versions

Symantec pcAnywhere

11.5.x (No longer supported)

12.0.x


Note: Symantec pcAnywhere version 11.5.x is no longer a supported product. However a fix for this version in being developed and will be available at a later date. This fix will be made available on an as is basis with no support available. Users who wish to have full product support are encouraged to upgrade to the latest supported version.

ISSUES

 

Details
A remote user’s connection credentials are stored in clear text with in the Symantec pcAnywhere host server’s process memory when a remote session is requested. The last remote users logged in credentials are stored in clear text in the memory while the Symantec pcAnywhere host is active on the host machine. The credentials of a remote user requesting a session connection can be compromised if a user with administration rights on the host machine utilizes tools to dump the process memory, and search and discover remote user's credentials.

 

MITIGATION

 

Mitigations
Limit access to administrator account. Without administrative access, the heap memory cannot be dumped and remote credentials discovered.

Symantec Response
Symantec has released updates for all affected product version currently supported by Symantec. These updates are available through Symantec’s LiveUpdate.

To date, Symantec is not aware of any reported attempts to exploit this vulnerability.

ACKNOWLEDGEMENTS

 

Symantec would like to thank Jeremy Lebourdais of EdelWeb for reporting this issue to Symantec, and working with us on the resolution.