Symantec Anti-Virus Tool Puts Server Passwords in Danger

A hole in Symantec's Anti Virus Corporate Edition Version 9 could allow an attacker to obtain sensitive server log-in information.

Symantec Corp. is investigating a report of a security hole in a version of its corporate anti-virus product that could expose sensitive username and password information, the company acknowledged.

The reported security hole affects Symantec Anti Virus Corporate Edition Version 9 and could allow an attacker or nonprivileged user to obtain sensitive server log-in information. Details of the vulnerability were posted on the Bugtraq mailing list Wednesday.

/zimages/3/28571.gifSymantecs Gateway Security 5600 Series offers a wide variety of security functions. Click here to read more.

The vulnerability affects organizations that have deployed an internal LiveUpdate server, which distributes anti-virus definition updates to Symantec software clients on a corporate network.

To obtain updates from an internal LiveUpdate Server, client systems are configured with the name, IP address and other vital information about the server, as well as a username and password to access it and download the definition updates. While that information is encrypted on the machines hard drive, information about each update that includes the username and password used to access the server are stored in unencrypted form in logs maintained by Symantec Corporate Anti-Virus, according to the Bugtraq posting.

Symantec customers can also obtain updates from external LiveUpdate servers operated by Symantec, where the same problem is not believed to exist.

An attacker would need to be able to log on to a Windows system to view the logs. However, they are accessible to all users with access to a system, and could be used by a low-level user to gain access to the LiveUpdate servers or other secure servers on a network, according to the Bugtraq posting.

A Symantec spokesman said the companys Incident Response team has been notified of the issue and is evaluating the issue now.

The company isnt aware of reports of any customer effects related to the issue.

/zimages/3/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.