
Flaws found in Bitdefender enterprise endpoint manager

Discussion in 'Security Updates' started by snoopy, Jul 18, 2014.

  1. snoopy

    Flaws found in Bitdefender enterprise endpoint manager
    Hardcoded GravityZone creds to be wiped at month's end

    Holes have been reported in Bitdefender's Gravity end-point protection platform that allow hackers to target corporate infrastructure.

    Researcher Stefan Viehbock of SEC Consult Vulnerability Lab said the flaw affecting the latest version provided an entry point for attackers to move laterally through the network. "Attackers are able to completely compromise the Bitdefender GravityZone solution as they can gain system and database level access," Viehbock said in an advisory. "Furthermore attackers can manage all endpoints."

    Gravity contained three vulnerabilities, two of which were patched, including an unauthenticated local file disclosure in the platform's web console and update server that allowed attackers to read arbitrary files - including cleartext passwords - "from the filesystem with the privileges of the nginx operating system user."


    Story: http://www.theregister.co.uk/2014/07/17/flaws_found_in_bitdefender_enterprise_endpoint_manager/
     
