Symantec plugs server vulnerability

Symantec has issued a patch to plug a vulnerability in its enterprise anti-virus software, which came to light at the end of last week.

Symantec has issued a patch to plug a vulnerability in its enterprise anti-virus software, which came to light at the end of last week.

The speedy response will stop attackers taking advantage of a flaw which allows internal hackers to take control of enterprise servers.

The flaw, in Version 9 of Symantec’s Anti Virus Corporate Edition product, exposes the server login name and password, along with other security information, when automatic updates to the software are sent by Symantec over the internet.

Details of such communications are displayed in a log file in clear text on the server. The flaw could be even more damaging if the same login and password is used on other servers managing other sensitive applications.

No attacks taking advantage of the flaw have so far been reported.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close