Sponsored By

Symantec Patches Another Anti-Virus Security Flaw

The vulnerability in its enterprise anti-virus software could give attackers access to server usernames and passwords.

Gregg Keizer

September 6, 2005

1 Min Read

Symantec has posted a patch for a vulnerability in its enterprise anti-virus softwarethat could give attackers systematic access to server usernames and passwords.

First disclosed last week on the Bugtraq security mailing list, the flaw could allow an attacker or unauthorized user to view server usernames and passwords in clear text posted to a log file generated by AntiVirus 9 as it connects to and downloads updates from Symantec's Live Update system.

Any user, whether local or remote, who had access to the network could view the log file and obtain access to the Live Update server. The vulnerability does not affect home and small business users, however; typically, those users connect to Symantec's own Live Update servers for new anti-virus signatures.

On Friday, Symantec published a security advisory and linked to updates for the Live Update client that's used by AntiVirus 9 Corporate.

Symantec also recommended that customers assign a unique name and password for accessing LiveUpdate so that even if this account is obtained, attackers won't be able to gain control of other servers or systems.

About the Author(s)

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights