Results 1 to 4 of 4

Thread: Symantec Anti-Virus LiveUpdate Credentials Disclosure

Thread Tools
- Show Printable Version
Display
- Switch to Linear Mode
- Switch to Hybrid Mode
- Threaded Mode

Threaded View

September 5th, 2005, 08:12 PM #1
ByTeWrangler

View Profile

View Forum Posts

Visit Homepage
StOrM™

Join Date

Aug 2004

Posts

1,003
Symantec Anti-Virus LiveUpdate Credentials Disclosure

Greeting's

The security issue is caused due to the client storing the LiveUpdate Server login name and password to a local log file in clear text. This can be exploited by malicious users to disclose the configured login name and password for accessing the LiveUpdate packages.

Although this vulnerability is classified as : Less Critical. I have posted it so that Admin's get a head's up.

Product version's affected : Symantec AntiVirus Corporate Edition 9.x

Symantec Windows LiveUpdate 2.x

Solution : Update to version 2.7.38.

Original Advisory :

http://securityresponse.symantec.com...005.09.02.html

Parth Maniar,
CISSP, CISM, CISA, SSCP

*Thank you GOD*

Greater the Difficulty, SWEETER the Victory.

Believe in yourself.
Reply With Quote

Quick Navigation AntiVirus Discussions Top

« Previous Thread | Next Thread »

Posting Permissions

You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
[VIDEO] code is On
HTML code is Off

Forum Rules

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Thread: Symantec Anti-Virus LiveUpdate Credentials Disclosure

Thread Tools

Display

Threaded View

Symantec Anti-Virus LiveUpdate Credentials Disclosure

Posting Permissions