Rapid7 Vulnerability & Exploit Database

Symantec Scan Engine Known Immutable DSA Private Key

Back to Search

Symantec Scan Engine Known Immutable DSA Private Key

Severity
6
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published
04/21/2006
Created
07/25/2018
Added
04/21/2006
Modified
02/13/2015

Description

Symantec Scan Engine exhibits a vulnerability in the way it generates the SSL private key used for protecting communications over TCP port 8005. This port is used to exchange sensitive configuration and control commands between the server and the administrative control application.

While all data over this port is protected using SSL, Rapid7 has found that every installation of Symantec Scan Engine uses the same private DSA key. This immutable key cannot be changed by end users and can be extracted easily from any installation of this product.

This design flaw renders the SSL protection useless. An man-in-the-middle attacker could easily intercept and decrypt all communications between Symantec Scan Engine and an administrative client.

Solution(s)

  • symantec-scan-engine-upgrade-5_1

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;