Home page logo
/

bugtraq logo Bugtraq mailing list archives

RE: Symantec LiveUpdate
From: "Peter Miller" <pcmiller61 () yahoo com>
Date: Tue, 26 Feb 2002 11:48:05 +0200

Hi All,

In a similar vien would anyone with Symantec Ghost V7.0 installed like to
comment on this key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NGServer\params

Ghost creates a special user account on the machine to run the service under
but it seems it is storing the password for this account in plain text in
the registry.

Regards
Peter


-----Original Message-----
From: Javier Sanchez [mailto:jsanchez157 () hotmail com]
Sent: 25 February 2002 07:15
To: bugtraq () securityfocus com
Subject: Symantec LiveUpdate


Norton Antivirus Corporate Edition includes LiveUpdate.
LiveUpdate stores
Username and Password information in cleartext in the registry.
Depending
on your implementation, you may not need LiveUpdate installed at
all on your
clients.

I brought this to Symantec's attention months ago.  Since then a
new version
of LiveUpdate has been released.  The information is still not encrypted.

Any user with the client installed can run "regedit" search for
"password"
and viola!

Here's a "fix":
Paste the following into a .reg file (i.e. nav.reg) and push it
out to your
clients via login script or whatever:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVe
rsion\LiveUpdateSource]
"Login"=-
"Password"=-




  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault