The flaw in Symantec Anti Virus Corporate Edition v.9.x reveals the server login name and password of the system administrator in charge of the LiveUpdate for the software.
When the LiveUpdate client checks for updates, the LiveUpdate server login name and password are written to a local log file in clear text, according to Symantec.
The company recommends that the user account for the administrator responsible for the LiveUpdate be unique for accessing LiveUpdate packages only, and have no other system access.
