Message-Id: <201408281617.s7SGHqnP014075@sf01web2.securityfocus.com>
Date: Thu, 28 Aug 2014 16:17:52 GMT
From: security@...spot.com
To: bugtraq@...urityfocus.com
Subject: Re: SaaS Marketing platform Hubspot export vulnerability

We at HubSpot take the concerns of the security community seriously, and continuously work to improve our posture in this ever-changing field. We do have predefined roles in the application which allow our customers to segment users' permissions based on their role. These horizontal permissions are quite common among SaaS vendors.

The export functionality mentioned does have existing auditing capability in the back end. For exports, we have full audit trails for the timestamp, link to the file, customer id, and user id for all requests. We have never exposed this audit data to our customers through the UI because there has never been a high demand for this functionality. This issue is now in queue with our Engineering team and we will be releasing it shortly.
