Symantec Messaging Gateway 10 Exposure Of Stored AD Password

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest' require "openssl" class MetasploitModule 'Symantec Messaging Gateway 10 Exposure of Stored AD Password Vulnerability', 'Description' = %q This module wi...

XenMobile: Error "Incorrect Credentials" for AD user during enrollment

Issue: User whose AD password is changed recently is facingan enrollment issue. After entering AD username/password it gives error message "Incorrect Credentials". SHP login fails too...

Symantec Messaging Gateway 10.x < 10.6.1 Management Console Multiple Vulnerabilities (SYM16-005)

According to its self-reported version number, the Symantec Messaging Gateway SMG running on the remote host is 10.x prior to 10.6.1. It is, therefore, affected by multiple vulnerabilities : - A privilege escalation vulnerability exists in the SMG management console due to AD password information...

CVE-2016-2203

The management console on Symantec Messaging Gateway SMG Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges...

CVE-2016-2203

The management console on Symantec Messaging Gateway SMG Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges...

Code injection

The management console on Symantec Messaging Gateway SMG Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges...

CVE-2016-2203

CVE-2016-2203 affects Symantec Messaging Gateway (SMG) Appliance prior to 10.6.1. The management console stores or exposes an encrypted AD password in a way that allows a local attacker with read privileges to recover the LDAP credentials. Impact: local disclosure of AD password with high confide...

Symantec Brightmail 10.6.0-7 LDAP Credential Grabber

Exploit Title: Symantec Brightmail ldap credential Grabber Date: 18/04/2016 Exploit Author: Fakhir Karim Reda Vendor Homepage: https://www.symantec.com/securityresponse/securityupdates/detail.jsp?fid=securityadvisory&pvid=securityadvisory&year&suid=2016041800 Version: 10.6.0-7 and earlier Tested...

Symantec Messaging Gateway Multiple Security Issues

SUMMARY Symantec Messaging Gateway SMG Appliance management console was susceptible to potential recovery of the AD password by any user with at least authorized read access to the appliance. Also, an admin or support user could potentially escalate a lower-privileged access to root on the...

CVE-2007-2476

CVE-2007-2476 is associated with Novell SecureLogin (NSL) versions prior to 6.0.106 (NSL 6 SP1 and earlier). The connected Nessus data confirms multiple issues, including a vulnerability that could grant users excessive permissions to their own AD attributes and an additional security issue relat...