BackupExec System Recovery CVE-2007-2360 Local Security Vulnerability

BackupExec System Recovery CVE-2007-2360 Local Security Vulnerability

BackupExec System Recovery is prone to a local security vulnerability. Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the credentials by calculating the key.