Password Reset Vulnerability in Symantec LiveUpdate Administrator
CVE-2014-1644

Currently unrated

Key Information:

Vendor: Symantec
Status: Liveupdate Administrator
Vendor: CVE Published:; 29 March 2014

Summary

The password reset feature in the management GUI of Symantec LiveUpdate Administrator versions prior to 2.3.2.110 contains a flaw that allows remote attackers to reset passwords for any user account by supplying the corresponding email address. This can lead to unauthorized access to user accounts and sensitive data, posing a significant risk to the security of applications deployed using this software.

References

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

http://archives.neohapsis.com/archives/bugtraq/2014-03/01...

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/66399

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Mar 29, 2014
Vulnerability Reserved
Jan 23, 2014