• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Symantec Norton Antivirus LiveUpdate Plaintext Credentials Vulnerability

Symantec Norton AntiVirus contains a feature called LiveUpdate. LiveUpdate is a process that checks for new virus definitions over the internet, downloads and installs them from a Symantec site. This process can either be scheduled or performed manually.

Authentication credentials for the LiveUpdate service are stored in plaintext in the Windows registry. It is possible for a local attacker or malicious users on client machines to gain access to this information.

This issue has been reported for LiveUpdate running with Symantec Norton AntiVirus Corporate Edition. It is possible that other products which use the LiveUpdate service may also be affected by this vulnerability.

Symantec has reported that LiveUpdate 1.5 and 1.6 encrypt the username and
password by default. It is believed that this is not a LiveUpdate issue, it is an internal server issue when passing the username and password to the client system.