Symantec corporate AV software compromises servers

Symantec’s AntiVirus 9 Corporate Edition security software can be used by unauthorised users to take control of company servers.

Symantec’s AntiVirus 9 Corporate Edition security software can be used by unauthorised users to take control of company servers.

A flaw reported on the Bugtraq security mailing list, and acknowledged by Symantec, allows local attackers to view server log-in usernames and passwords in clear text.

The information is posted to a log file generated by AntiVirus 9 as it connects to and downloads updates from Symantec's LiveUpdate system.

The log also includes the server name, the IP address, the subnet and subnet mask, as well as the connection protocol.

Symantec said it is aware of the problem and is investigating the matter.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Business applications

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close