CNET también está disponible en español.

Ir a español

Don't show this again


Glitch fixed in Symantec Corporate AntiVirus

Symantec releases a fix for a weakness in the way its corporate antivirus software stores log-in credentials.

Symantec late on Friday released an update for AntiVirus Corporate Edition 9.0 to fix a security weakness that was disclosed earlier last week. The unpatched software stores usernames and passwords in plain text in a log file when connecting to an internal LiveUpdate server for updates. One scenario in which these credentials could be abused is by a local attacker to gain higher privileges, according to a post on the Bugtraq mailing list last week.

Symantec has now updated its LiveUpdate client to address the problem, according to a security advisory. Still, the company recommends that LiveUpdate user accounts are unique for accessing LiveUpdate only, and have no other system access. Symantec ranks the password problem "medium" risk.