CNET también está disponible en español.

Ir a español

Don't show this again

Oscar Isaac to play Snake 2021 Ford Bronco delayed Walmart drone holiday light show Fauci to join Biden's COVID team Mulan free on Disney Plus The Mandalorian episode recap PS5 inventory

Glitch fixed in Symantec Corporate AntiVirus

Symantec releases a fix for a weakness in the way its corporate antivirus software stores log-in credentials.

Symantec late on Friday released an update for AntiVirus Corporate Edition 9.0 to fix a security weakness that was disclosed earlier last week. The unpatched software stores usernames and passwords in plain text in a log file when connecting to an internal LiveUpdate server for updates. One scenario in which these credentials could be abused is by a local attacker to gain higher privileges, according to a post on the Bugtraq mailing list last week.

Symantec has now updated its LiveUpdate client to address the problem, according to a security advisory. Still, the company recommends that LiveUpdate user accounts are unique for accessing LiveUpdate only, and have no other system access. Symantec ranks the password problem "medium" risk.