Rapid7 Vulnerability & Exploit Database

Symantec Scan Engine Authentication Fundamental Design Error


Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 04/21/2006
Created: 07/25/2018
Added: 04/21/2006
Modified: 02/13/2015

Description

Symantec Scan Engine provides a web-based administrative interface that is used for managing scanning options and antivirus definitions. To access the interface, an administrator must browse to it, load a Java applet, and log in with a password.

However, the authentication mechanism used by Symantec Scan Engine contains a fundamental design flaw that allows any remote user to gain full administrative access to the server. The server does not verify the password entered by the user. The password is only verified by the client-side Java applet. Anyone with knowledge of the underlying communication mechanism can exercise full control of the Scan Engine server simply by posting XML requests to the server using its proprietary protocol.

Solution(s)

  • symantec-scan-engine-upgrade-5_1
