RE: Symantec LiveUpdate

["Peter Miller" <pcmiller61 () yahoo com>]

Hi All,

In a similar vien would anyone with Symantec Ghost V7.0 installed like to
comment on this key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NGServer\params

Ghost creates a special user account on the machine to run the service under
but it seems it is storing the password for this account in plain text in
the registry.

Regards
Peter


> -----Original Message-----
> From: Javier Sanchez [mailto:jsanchez157 () hotmail com]
> Sent: 25 February 2002 07:15
> To: bugtraq () securityfocus com
> Subject: Symantec LiveUpdate
>
>
> Norton Antivirus Corporate Edition includes LiveUpdate.
> LiveUpdate stores
> Username and Password information in cleartext in the registry.
> Depending
> on your implementation, you may not need LiveUpdate installed at
> all on your
> clients.
>
> I brought this to Symantec's attention months ago.  Since then a
> new version
> of LiveUpdate has been released.  The information is still not encrypted.
>
> Any user with the client installed can run "regedit" search for
> "password"
> and viola!
>
> Here's a "fix":
> Paste the following into a .reg file (i.e. nav.reg) and push it
> out to your
> clients via login script or whatever:
> REGEDIT4
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVe
> rsion\LiveUpdateSource]
> "Login"=-
> "Password"=-