[24415] in bugtraq
RE: Symantec LiveUpdate
daemon@ATHENA.MIT.EDU (Peter Miller)
Tue Feb 26 13:22:29 2002
Reply-To: <pcmiller61@yahoo.com>
From: "Peter Miller" <pcmiller61@yahoo.com>
To: "Javier Sanchez" <jsanchez157@hotmail.com>, <bugtraq@securityfocus.com>
Date: Tue, 26 Feb 2002 11:48:05 +0200
Message-ID: <LPBBLOPHKCDACODGKEFJIEGLDDAA.pcmiller61@yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
In-Reply-To: <F225mylmdPeMOoFqAnD00014d81@hotmail.com>
Hi All,
In a similar vien would anyone with Symantec Ghost V7.0 installed like to
comment on this key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NGServer\params
Ghost creates a special user account on the machine to run the service under
but it seems it is storing the password for this account in plain text in
the registry.
Regards
Peter
> -----Original Message-----
> From: Javier Sanchez [mailto:jsanchez157@hotmail.com]
> Sent: 25 February 2002 07:15
> To: bugtraq@securityfocus.com
> Subject: Symantec LiveUpdate
>
>
> Norton Antivirus Corporate Edition includes LiveUpdate.
> LiveUpdate stores
> Username and Password information in cleartext in the registry.
> Depending
> on your implementation, you may not need LiveUpdate installed at
> all on your
> clients.
>
> I brought this to Symantec's attention months ago. Since then a
> new version
> of LiveUpdate has been released. The information is still not encrypted.
>
> Any user with the client installed can run "regedit" search for
> "password"
> and viola!
>
> Here's a "fix":
> Paste the following into a .reg file (i.e. nav.reg) and push it
> out to your
> clients via login script or whatever:
> REGEDIT4
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVe
> rsion\LiveUpdateSource]
> "Login"=-
> "Password"=-
>
