CVE-2014-1644

Name of the Vulnerable Software and Affected Versions Symantec LiveUpdate Administrator versions prior to 2.3.2.110

Description The issue concerns the forgotten-password feature in the management GUI of Symantec LiveUpdate Administrator. It allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account.

Recommendations For versions prior to 2.3.2.110, update to version 2.3.2.110 or later to resolve the issue. As a temporary workaround, consider restricting access to the forgotten-password feature in the management GUI until the update is applied.