ID CVE-2002-0344 Type cve Reporter NVD Modified 2016-10-17T22:19:33
Description
Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores usernames and passwords for a local LiveUpdate server in cleartext in the registry, which may allow remote attackers to impersonate the LiveUpdate server.
{"osvdb": [{"lastseen": "2017-04-28T13:19:59", "bulletinFamily": "software", "description": "## Vulnerability Description\nSymantec LiveUpdate contains a flaw that may lead to an unauthorized password exposure. The problem is that LiveUpdate stores usernames and passwords for a local LiveUpdate server in plaintext in the registry, which may lead to a loss of confidentiality.\n## Solution Description\nUpgrade to version 1.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nSymantec LiveUpdate contains a flaw that may lead to an unauthorized password exposure. The problem is that LiveUpdate stores usernames and passwords for a local LiveUpdate server in plaintext in the registry, which may lead to a loss of confidentiality.\n## References:\nVendor URL: http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=155\nVendor Specific Solution URL: http://www.symantec.com/techsupp/files/lu/lu.html\n[Vendor Specific Advisory URL](http://securityresponse.symantec.com/avcenter/security/Content/2002.02.28a.html)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-02/0276.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-02/0355.html\nISS X-Force ID: 8282\n[CVE-2002-0344](https://vulners.com/cve/CVE-2002-0344)\nBugtraq ID: 4170\n", "modified": "2002-02-25T11:14:50", "published": "2002-02-25T11:14:50", "href": "https://vulners.com/osvdb/OSVDB:4710", "id": "OSVDB:4710", "type": "osvdb", "title": "Symantec LiveUpdate Password Exposure", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}