Apple donates to LGBTQ youth org T-Mobile's $50 unlimited home internet Stimulus check vote Friday? GameStop stock rallies Zack Snyder's Army of the Dead trailer Post Malone to headline Pokemon Day

Symantec probes report of antivirus product flaw

Security software vendor is investigating a report of a weakness in the way its corporate antivirus software stores login credentials.

Symantec is investigating a report of a weakness in the way its corporate antivirus software stores login credentials, the security vendor said on Wednesday.

Symantec's AntiVirus Corporate Edition 9.0 saves usernames and passwords in plain text in a log file when connecting to an internal LiveUpdate server for updates, according to a post on the Bugtraq mailing list. The credentials are stored in a fixed location on the computer that's accessible by any user, according to the bug report.

Symantec's Incident Response team has been notified of the suspected issue, a Symantec representative said on Thursday. "Symantec's product teams are evaluating the issue now and, if necessary, will provide a prompt response and solution," the representative said.

One scenario in which the user credentials could be abused is by a local attacker to gain higher privileges, according to the bug report.

As a workaround, users of AntiVirus Corporate Edition could set their systems to allow anonymous, read-only access to the LiveUpdate server, one Bugtraq reader advises. "The downside is that anyone can take a look at the state of your LiveUpdate files and might use version or product information against you in some way," the reader writes.