| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <BAY19-DAV9299A0141F9786CAB99E1D98B0@phx.gbl> Date: Mon Sep 26 19:15:46 2005 From: se_cur_ity at hotmail.com (Morning Wood) Subject: CORE-Impact license bypass been known since at least v3.2 are you using a 3.x or a 4.x series? i belive the 4.x requires an auth from core before use ----- Original Message ----- From: "c0ntex" <c0ntexb@...il.com> To: <full-disclosure@...ts.grok.org.uk> Sent: Monday, September 26, 2005 3:30 AM Subject: [Full-disclosure] CORE-Impact license bypass I seem to have stumbled over a bug in Core Impact licensing mechanisms that will allow anyone to continually use the Core Impact product even after the license has expired. This is not a security issue but it is, I feel, either an oversight or a "feature" which can be abused to utilise the Core Impact product for longer than designed / desired. In my "business funded" Core Impact install on this machine, the license expired at the end of last month and the usualy "Your license has expired" pop-up appears, however it is easy to re-enable Core to a working install by merely changing the system date on the PC to say a month before the product was due to expire. Oops ;) I guess Core is using a very simplistic license mechanism. Emailed CORE two times, 1 week ago, no reply. -- regards c0ntex _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists