lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <CAAyDpL_zzkwprLgTwWCMZiPZ_J7j6=X8jEX=d_xx_Fo0mZr15g@mail.gmail.com>
Date: Wed, 19 Jun 2013 15:54:40 +0200
From: Buherátor <buherator@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: User Credentials Leakage in Panda Cloud Office
	Protection

Dear List,

More than a year ago I identified a pretty serious bug in the deployment
system of Panda Cloud Office Protection. The bug seems to be fixed since
version 6 (I didn't assess the new implementation thoroughly), but I am
unaware of any official notices about it from the vendor although
management passwords may still be recovered from leftover installers, so I
think it worth to publish the info here:

http://vimeo.com/66384124

Buherátor
http://buhera.blog.hu
PGP: 1DD5 6AFB 0660 4106 7B70  4F71 B84C 47BD 86EA 1855

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ