CVE-2005-2766

Name of the Vulnerable Software and Affected Versions Symantec AntiVirus Corporate Edition versions 9.0.1.x through 9.0.4.x

Description The issue concerns the storage of sensitive information in cleartext in the Log.Liveupdate log file when obtaining updates from an internal LiveUpdate server. This allows attackers to obtain the username and password to the internal LiveUpdate server.

Recommendations For Symantec AntiVirus Corporate Edition versions 9.0.1.x through 9.0.4.x, consider restricting access to the Log.Liveupdate log file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.