[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] User Credentials Leakage in Panda Cloud Office Protection

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] User Credentials Leakage in Panda Cloud Office Protection
From: Buherátor <buherator@xxxxxxxxx>
Date: Wed, 19 Jun 2013 15:54:40 +0200

Dear List,

More than a year ago I identified a pretty serious bug in the deployment
system of Panda Cloud Office Protection. The bug seems to be fixed since
version 6 (I didn't assess the new implementation thoroughly), but I am
unaware of any official notices about it from the vendor although
management passwords may still be recovered from leftover installers, so I
think it worth to publish the info here:

http://vimeo.com/66384124

Buherátor
http://buhera.blog.hu
PGP: 1DD5 6AFB 0660 4106 7B70  4F71 B84C 47BD 86EA 1855

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] [SECURITY] [DSA 2698-1] tiff security update
Next by Date: [Full-disclosure] Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence TC and TE Software
Previous by thread: [Full-disclosure] [SECURITY] [DSA 2698-1] tiff security update
Next by thread: [Full-disclosure] Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence TC and TE Software
Index(es):
- Date
- Thread