__________________________________________________________________ Insomnia Security Vulnerability Advisory: ISVA-080516.2 ___________________________________________________________________ Name: Altiris Deployment Solution - Domain Account Disclosure Released: 16 May 2008 Vendor Link: http://www.altiris.com/ Affected Products: Altiris Deployment Solution 6.8.x & 6.9.x Original Advisory: http://www.insomniasec.com/advisories/ISVA-080516.2.htm Researcher: Brett Moore, Insomnia Security http://www.insomniasec.com ___________________________________________________________________ _______________ Description _______________ Altiris deployment solution is a suite installed to manage the configuration and operation of machines on the network. Part of the Deployment solution setup involves configuring the domain accounts to be used to access the various clients for imaging and configuration jobs. Altiris deployment solution listens for connections from the Altiris client on port 402. It is possible to make a request to this port that will result in the encrypted domain credentials being returned. The encryption is not salted or specific to the install, allowing for offsite decryption of the credentials. _______________ Details _______________ The retrieved encrypted credentials can be placed into a local installation, through direct insertion into the SQL server database. The GUI can then be used to view the decrypted credentials. Alternatively a standalone tool to decrypt the credentials could easily be written. _______________ Solution _______________ Symantec have released a security update to address this issue; http://www.symantec.com/avcenter/security/Content/2008.05.14a.html _______________ Legals _______________ The information is provided for research and educational purposes only. Insomnia Security accepts no liability in any form whatsoever for any direct or indirect damages associated with the use of this information. ___________________________________________________________________ Insomnia Security Vulnerability Advisory: ISVA-080516.2 ___________________________________________________________________