Symantec Norton Antivirus 1.0.1.7/1.2 navieg.ini cleartext storage
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.7 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Symantec Norton Antivirus 1.0.1.7/1.2. It has been classified as problematic. Affected is an unknown function of the file navieg.ini. Performing a manipulation results in cleartext storage. This vulnerability is reported as CVE-1999-1323. No exploit exists. Upgrading the affected component is recommended.
Details
A vulnerability classified as problematic has been found in Symantec Norton Antivirus 1.0.1.7/1.2 (Anti-Malware Software). This affects an unknown code block of the file navieg.ini. The manipulation with an unknown input leads to a cleartext storage vulnerability. CWE is classifying the issue as CWE-312. The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:
Norton AntiVirus for Internet Email Gateways (NAVIEG) 1.0.1.7 and earlier, and Norton AntiVirus for MS Exchange (NAVMSE) 1.5 and earlier, store the administrator password in cleartext in (1) the navieg.ini file for NAVIEG, and (2) the ModifyPassword registry key in NAVMSE.
The weakness was disclosed 04/09/1999 as not defined posting (Bugtraq). It is possible to read the advisory at marc.theaimsgroup.com. This vulnerability is uniquely identified as CVE-1999-1323. The exploitability is told to be easy. Attacking locally is a requirement. No form of authentication is needed for exploitation. Technical details of the vulnerability are known, but there is no available exploit. The attack technique deployed by this issue is T1555 according to MITRE ATT&CK.
By approaching the search of inurl:navieg.ini it is possible to find vulnerable targets with Google Hacking.
Upgrading eliminates this vulnerability.
Be aware that VulDB is the high quality source for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.symantec.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.9VulDB Meta Temp Score: 5.7
VulDB Base Score: 5.9
VulDB Temp Score: 5.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Cleartext storageCWE: CWE-312 / CWE-310
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
Google Hack: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
04/09/1999 🔍04/09/1999 🔍
06/20/2014 🔍
04/19/2026 🔍
Sources
Vendor: symantec.comAdvisory: marc.theaimsgroup.com
Status: Confirmed
CVE: CVE-1999-1323 (🔍)
GCVE (CVE): GCVE-0-1999-1323
GCVE (VulDB): GCVE-100-14607
Entry
Created: 06/20/2014 23:34Updated: 04/19/2026 01:15
Changes: 06/20/2014 23:34 (39), 04/04/2019 12:57 (10), 04/19/2026 01:15 (18)
Complete: 🔍
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.