Symantec is investigating a report of a weakness in the way its corporate antivirus software stores login credentials, the security vendor said on Wednesday.
Symantec's AntiVirus Corporate Edition 9.0 saves usernames and passwords in plain text in a log file when connecting to an internal LiveUpdate server for updates, according to a post on the Bugtraq mailing list. The credentials are stored in a fixed location on the computer that's accessible by any user, according to the bug report.
Symantec's Incident Response team has been notified of the suspected issue, a Symantec representative said on Thursday. "Symantec's product teams are evaluating the issue now and, if necessary, will provide a prompt response and solution," the representative said.
One scenario in which the user credentials could be abused is by a local attacker to gain higher privileges, according to the bug report.
As a workaround, users of AntiVirus Corporate Edition could set their systems to allow anonymous, read-only access to the LiveUpdate server, one Bugtraq reader advises. "The downside is that anyone can take a look at the state of your LiveUpdate files and might use version or product information against you in some way," the reader writes.
Join the conversation
Comment replyThe posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.
The two telecom carriers will carry a next-generation iPad running on the fast, next-generation wireless technology, sources tell The Wall Street Journal.
Google creates an animated doodle that features a boy, a girl, Google's search engine, and a jump rope. But might there be darker, more analytical, more troubling interpretations to this tale?
Hamza Kashgari's tweets of an imaginary conversation with the Prophet Mohammad are viewed as blasphemous by the Saudi Arabian government. Now he faces trial with a possible death sentence.
The Silicon Valley online payments startup grew by 1,000 percent last year and is hopeful it can repeat that level of growth this year. To do that, it's had to move away from its early friends-and-family roots and embrace small businesses.
Chamtech's spray-on antenna uses a nano material to provide a low-power boost to antenna range. The wireless-in-a-can product may some day bring an end to unsightly cell towers.
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
Join the conversation