CVE-2018-12240 — Hard-coded Credentials in Norton Password Manager

CWE-798 — Hard-coded Credentials3 documents3 sources

Severity

5.9MEDIUMNVD

EPSS

0.3%

top 47.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Norton Password Manager Symantec Corporation Norton Identity Safe FOR Android

Timeline

PublishedAug 29

Latest updateMay 13

Description

The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the likelihood of encrypted data being recovered without adequate credentials.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5symantec_corporation/norton_identity_safe_for_androidPrior to 5.3.0.976

▶NVDsymantec/norton_password_manager< 5.3.0.976

🔴Vulnerability Details

GHSA

GHSA-4fpj-5v33-6x96: The Norton Identity Safe product prior to 5↗2022-05-13

▶

CVEList

CVE-2018-12240: The Norton Identity Safe product prior to 5↗2018-08-29

▶