| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon Sep 26 19:21:58 2005 From: c0ntexb at gmail.com (c0ntex) Subject: CORE-Impact license bypass A 4. version :-) On 26/09/05, Morning Wood <se_cur_ity@...mail.com> wrote: > been known since at least v3.2 > are you using a 3.x or a 4.x series? > i belive the 4.x requires an auth from core before use > > ----- Original Message ----- > From: "c0ntex" <c0ntexb@...il.com> > To: <full-disclosure@...ts.grok.org.uk> > Sent: Monday, September 26, 2005 3:30 AM > Subject: [Full-disclosure] CORE-Impact license bypass > > > I seem to have stumbled over a bug in Core Impact > licensing mechanisms that will allow anyone to continually use the > Core Impact product even after the license has expired. > > This is not a security issue but it is, I feel, either an oversight or > a "feature" which can be abused to utilise the Core Impact product for > longer than designed / desired. > > In my "business funded" Core Impact install on this machine, the > license expired at the end of last month and the usualy "Your license > has expired" pop-up appears, however it is easy to re-enable Core to a > working install by merely changing the system date on the PC to say a > month before the product was due to expire. Oops ;) I guess Core is > using a very simplistic license mechanism. > > Emailed CORE two times, 1 week ago, no reply. > -- > > regards > c0ntex > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- regards c0ntex
Powered by blists - more mailing lists