Symantec patches corporate anti-virus software

By

Symantec has issued a patch for a flaw in its corporate anti-virus software that could allow an attacker to access a server.

The flaw in Symantec Anti Virus Corporate Edition v.9.x reveals the server login name and password of the system administrator in charge of the LiveUpdate for the software.


When the LiveUpdate client checks for updates, the LiveUpdate server login name and password are written to a local log file in clear text, according to Symantec.

The company recommends that the user account for the administrator responsible for the LiveUpdate be unique for accessing LiveUpdate packages only, and have no other system access.

www.symantec.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

First npm worm "Shai-Hulud" released in supply chain attack

First npm worm "Shai-Hulud" released in supply chain attack

"VoidProxy" PhishKit targets Google and Microsoft users

"VoidProxy" PhishKit targets Google and Microsoft users

Apple adds "mercenary spyware" protection to new A19 chip

Apple adds "mercenary spyware" protection to new A19 chip

Phishing attack nets enormous npm supply chain compromise

Phishing attack nets enormous npm supply chain compromise

Log In

  |  Forgot your password?