Symantec Anti-Virus LiveUpdate Credentials Disclosure
Results 1 to 4 of 4

Thread: Symantec Anti-Virus LiveUpdate Credentials Disclosure

  1. #1
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003

    Symantec Anti-Virus LiveUpdate Credentials Disclosure

    Greeting's


    The security issue is caused due to the client storing the LiveUpdate Server login name and password to a local log file in clear text. This can be exploited by malicious users to disclose the configured login name and password for accessing the LiveUpdate packages.

    Although this vulnerability is classified as : Less Critical. I have posted it so that Admin's get a head's up.

    Product version's affected : Symantec AntiVirus Corporate Edition 9.x

    Symantec Windows LiveUpdate 2.x


    Solution : Update to version 2.7.38.


    Original Advisory :

    http://securityresponse.symantec.com...005.09.02.html
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  2. #2
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    Yet another update to download...yeah! Thanks for the heads up. Maybe I'll just upgrade to Corporate 10.
    Windows 9x: n. A collection of 32 bit extensions and a graphical shell for a 16 bit patch to an 8 bit operating system originally coded for a 4 bit microprocessor. Written by a 2 bit company that can\'t stand 1 bit of competition.


  3. #3
    Member
    Join Date
    Jun 2005
    Posts
    34
    There is a work around for this, but I have not been able to find that clear text passwords are stored.
    to SYN, or not to SYN. That is the question. -Shakespeare?

  4. #4
    Senior Member
    Join Date
    Jun 2003
    Posts
    188
    I don't understand that how such big security companies make such stupid mistakes.

    www.securityfocus.com is run by Symantec
    www.@stake.com has been acquired by Symantec.

    God knows what the hell are they upto.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides