Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
The vulnerability in its enterprise anti-virus software could give attackers access to server usernames and passwords.
1 Min Read
Symantec has posted a patch for a vulnerability in its enterprise anti-virus softwarethat could give attackers systematic access to server usernames and passwords.
First disclosed last week on the Bugtraq security mailing list, the flaw could allow an attacker or unauthorized user to view server usernames and passwords in clear text posted to a log file generated by AntiVirus 9 as it connects to and downloads updates from Symantec's Live Update system.
Any user, whether local or remote, who had access to the network could view the log file and obtain access to the Live Update server. The vulnerability does not affect home and small business users, however; typically, those users connect to Symantec's own Live Update servers for new anti-virus signatures.
On Friday, Symantec published a security advisory and linked to updates for the Live Update client that's used by AntiVirus 9 Corporate.
Symantec also recommended that customers assign a unique name and password for accessing LiveUpdate so that even if this account is obtained, attackers won't be able to gain control of other servers or systems.
About the Author(s)
You May Also Like
More Insights
Webinars
Editor's Choice
May 2, 2024
While there are plentiful options in cyber resiliency and business continuity tools and platforms, there isn’t one that can knock out everything from sudden cloud outages to prolonged ransomware attacks in a single punch. What can you do to keep the company on its feet no matter what is thrown at it? Find out in this new virtual event.
Reserve Your Seat Now