[ news_security_news ]
Symantec Scan Engine Needs A Tuneup
David Utter
Staff Writer
2006-04-24
 Insider Reports RSS Feed
Three moderately critical flaws in the Symantec Scan Engine pose a potential threat of exposing sensitive information through a man-in-the-middle attack.
According to the company, the Symantec Scan Engine is a TCP/IP server and programming interface that enables third parties to incorporate support for Symantec content scanning technologies into their proprietary applications.
However, advisory tracking firm Secunia has picked up a trio of problems with that product in version 5.0. Any of the three flaws could possibly be exploited.
Symantec said the engine "fails to properly authenticate web-based user logins. Anyone with knowledge of the underlying communication mechanism can control the Scan Engine server."
Fortunately, defeating these flaws should be easy enough. Symantec recommends upgrading to version 5.1 from the vulnerable 5.0 as soon as possible.
---
Tag: Symantec
Add to | DiggThis | Yahoo! My Web | Furl It
Bookmark WebProNews - 
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
