-
September 5th, 2005, 08:12 PM
#1
Symantec Anti-Virus LiveUpdate Credentials Disclosure
Greeting's
The security issue is caused due to the client storing the LiveUpdate Server login name and password to a local log file in clear text. This can be exploited by malicious users to disclose the configured login name and password for accessing the LiveUpdate packages.
Although this vulnerability is classified as : Less Critical. I have posted it so that Admin's get a head's up.
Product version's affected : Symantec AntiVirus Corporate Edition 9.x
Symantec Windows LiveUpdate 2.x
Solution : Update to version 2.7.38.
Original Advisory :
http://securityresponse.symantec.com...005.09.02.html
Parth Maniar,
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|