panda internet security 2015 bug
ka at mayten.sch.bme.hu
ka at mayten.sch.bme.hu
2015. Ápr. 15., Sze, 09:23:28 CEST
Hello,
elofordult mostanaban a 'panda' string nehany levelben, amiket bevallom
nem olvastam el tul figyelmesen (nem hasznalok viruskeresot/irtot igy
nem erint), igy nem tudom, ugyanerrol a termekrol volt-e szo. de ha
igen es valaki hasznalja, akkor ez erdekelheti.
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-012.txt
A lenyeg:
Affected Version(s): 15.0.1
Tested Version(s): 15.0.1
Solution Status: Not fixed
The endpoint protection software Panda Internet Security 2015 offers
a password protection in order to restrict access to the management
console. With an enabled password protection, changing settings or
deactivating the protection features requires the set password.
[...]
The SySS GmbH also found out, that the actual set password for the
password protection can be extracted as cleartext during runtime from
the process PSUAMain.exe.
Thus, a limited Windows user or malware running in the context of such a
user is able to deactivate Panda Internet Security 2015 in an
unauthorized manner and furthermore to extract the actual password as
cleartext.
udv
adam
További információk a(z) Techinfo levelezőlistáról