lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon Sep 26 20:21:58 2005
From: toddtowles at brookshires.com (Todd Towles)
Subject: CORE-Impact license bypass

The real question is, do you get module updates after doing this?  

> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk 
> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf 
> Of Josh Perrymon
> Sent: Monday, September 26, 2005 2:15 PM
> To: c0ntex; Morning Wood
> Cc: full-disclosure@...ts.grok.org.uk
> Subject: RE: [Full-disclosure] CORE-Impact license bypass
> 
> But the only way to get a copy of the pgm is if you buy it right?
> 
> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk
> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of c0ntex
> Sent: Monday, September 26, 2005 2:22 PM
> To: Morning Wood
> Cc: full-disclosure@...ts.grok.org.uk
> Subject: Re: [Full-disclosure] CORE-Impact license bypass
> 
> A 4. version  :-)
> 
> On 26/09/05, Morning Wood <se_cur_ity@...mail.com> wrote:
> > been known since at least v3.2
> > are you using a 3.x or a 4.x series?
> > i belive the 4.x requires an auth from core before use
> >
> > ----- Original Message -----
> > From: "c0ntex" <c0ntexb@...il.com>
> > To: <full-disclosure@...ts.grok.org.uk>
> > Sent: Monday, September 26, 2005 3:30 AM
> > Subject: [Full-disclosure] CORE-Impact license bypass
> >
> >
> > I seem to have stumbled over a bug in Core Impact licensing 
> mechanisms 
> > that will allow anyone to continually use the Core Impact 
> product even 
> > after the license has expired.
> >
> > This is not a security issue but it is, I feel, either an 
> oversight or 
> > a "feature" which can be abused to utilise the Core Impact 
> product for 
> > longer than designed / desired.
> >
> > In my "business funded" Core Impact install on this machine, the 
> > license expired at the end of last month and the usualy 
> "Your license 
> > has expired" pop-up appears, however it is easy to 
> re-enable Core to a 
> > working install by merely changing the system date on the 
> PC to say a 
> > month before the product was due to expire. Oops  ;) I 
> guess Core is 
> > using a very simplistic license mechanism.
> >
> > Emailed CORE two times, 1 week ago, no reply.
> > --
> >
> > regards
> > c0ntex
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> 
> 
> --
> 
> regards
> c0ntex
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ