Description
Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login credentials for the most recent login within process memory, which allows local administrators to obtain the credentials by reading process memory, a different vulnerability than CVE-2006-3785.
Affected products
- Symantec / pcanywhere11.5 – 11.5
- Symantec / pcanywhere11.5.1 – 11.5.1
- Symantec / pcanywhere12.0 – 12.0
References
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/34203
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2007/1753
- MISChttp://osvdb.org/41982
- MISChttp://securityresponse.symantec.com/avcenter/security/Content/2007.05.09b.html
- MISChttp://securitytracker.com/id?1018032
- MISChttp://www.securityfocus.com/bid/23875