Symantec LiveUpdate Password Exposure

2002-02-25T11:14:50
ID OSVDB:4710
Type osvdb
Reporter Javier Sanchez(jsanchez157@hotmail.com)
Modified 2002-02-25T11:14:50

Description

Vulnerability Description

Symantec LiveUpdate contains a flaw that may lead to an unauthorized password exposure. The problem is that LiveUpdate stores usernames and passwords for a local LiveUpdate server in plaintext in the registry, which may lead to a loss of confidentiality.

Solution Description

Upgrade to version 1.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Symantec LiveUpdate contains a flaw that may lead to an unauthorized password exposure. The problem is that LiveUpdate stores usernames and passwords for a local LiveUpdate server in plaintext in the registry, which may lead to a loss of confidentiality.

References:

Vendor URL: http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=155 Vendor Specific Solution URL: http://www.symantec.com/techsupp/files/lu/lu.html Vendor Specific Advisory URL Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-02/0276.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-02/0355.html ISS X-Force ID: 8282 CVE-2002-0344 Bugtraq ID: 4170