Weakness in Symantec LiveUpdate Server Authentication Security
CVE-2002-0344

Currently unrated

Key Information:

Vendor

Symantec

Vendor
CVE Published:
25 June 2002

What is CVE-2002-0344?

The Symantec LiveUpdate component within Norton Antivirus versions 1.5 and earlier has a serious security flaw where usernames and passwords for accessing local LiveUpdate servers are stored in cleartext in the Windows registry. This design oversight potentially allows an attacker with local access or remote capabilities to impersonate the LiveUpdate server. If exploited, this vulnerability could lead to unauthorized software updates or further compromise of the affected system, emphasizing the need for secure handling of sensitive information.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.