[原文]The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 boot disks allows local users to obtain sensitive information (an unencrypted password for a Windows domain account) via four "stuffit /f:stuffit.dat" invocations, possibly due to a buffer overflow.
[CNNVD]Symantec PowerQuest DeployCenter Boot Disk Plaintext密码泄露漏洞(CNNVD-200412-865)
Symantec Deploy Center stuffit Cleartext Password Disclosure
Physical Access Required
Loss of Confidentiality
Symantec Deploy Center contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to plaintext passwords when stuffit is instructed to load stored password into memory 4 or more times, which may lead to a loss of confidentiality, integrity and/or availability.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.