Golovast

**Name of the Vulnerable Software and Affected Versions** Symantec AntiVirus Corporate Edition versions 9.0.1.x through 9.0.4.x **Description** The issue concerns the storage of sensitive information in cleartext in the Log.Liveupdate log file when obtaining updates from an internal LiveUpdate server. This allows attackers to obtain the `username` and `password` to the internal LiveUpdate server. **Recommendations** For Symantec AntiVirus Corporate Edition versions 9.0.1.x through 9.0.4.x, consider restricting access to the Log.Liveupdate log file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.