Weakness in Symantec LiveUpdate Server Authentication Security
CVE-2002-0344

Currently unrated

Key Information:

Vendor: Symantec
Status: Liveupdate
Vendor: CVE Published:; 25 June 2002

Summary

The Symantec LiveUpdate component within Norton Antivirus versions 1.5 and earlier has a serious security flaw where usernames and passwords for accessing local LiveUpdate servers are stored in cleartext in the Windows registry. This design oversight potentially allows an attacker with local access or remote capabilities to impersonate the LiveUpdate server. If exploited, this vulnerability could lead to unauthorized software updates or further compromise of the affected system, emphasizing the need for secure handling of sensitive information.

References

http://www.securityfocus.com/bid/4170

vdb-entryx_refsource_BID

http://www.iss.net/security_center/static/8282.php

vdb-entryx_refsource_XF

http://marc.info/?l=bugtraq&m=101466781122312&w=2

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Jun 25, 2002
Vulnerability Reserved
May 1, 2002