mailing list archives
RE: Symantec LiveUpdate
From: "Peter Miller" <pcmiller61 () yahoo com>
Date: Tue, 26 Feb 2002 11:48:05 +0200
In a similar vien would anyone with Symantec Ghost V7.0 installed like to
comment on this key:
Ghost creates a special user account on the machine to run the service under
but it seems it is storing the password for this account in plain text in
From: Javier Sanchez [mailto:jsanchez157 () hotmail com]
Sent: 25 February 2002 07:15
To: bugtraq () securityfocus com
Subject: Symantec LiveUpdate
Norton Antivirus Corporate Edition includes LiveUpdate.
Username and Password information in cleartext in the registry.
on your implementation, you may not need LiveUpdate installed at
all on your
I brought this to Symantec's attention months ago. Since then a
of LiveUpdate has been released. The information is still not encrypted.
Any user with the client installed can run "regedit" search for
Here's a "fix":
Paste the following into a .reg file (i.e. nav.reg) and push it
out to your
clients via login script or whatever: