[Original text] Norton AntiVirus for Internet Email Gateways (NAVIEG) 220.127.116.11 and earlier, and Norton AntiVirus for MS Exchange (NAVMSE) 1.5 and earlier, store the administrator password in cleartext in (1) the navieg.ini file for NAVIEG, and (2) the ModifyPassword registry key in NAVMSE.
Symantec's Norton Anti-Virus contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when the program stores the plaintext admin password in the navieg.ini file (for Norton AntiVirus for Internet Email Gateways), or in the HKLM\Software\Symantec\NAVMSE\1.5\ModifyPassword registry key (for Norton AntiVirus for MS Exchange). This may allow a local authenticated attacker to gain access to the admin password. Note: the admin password is for the Norton software, not the administrator password for the operating system.
OSVDB is not aware of a solution for this vulnerability.