Have discovered a major, obvious security flaw. Where should this be reported?

asked 02 Mar '15, 00:57

mirage335's gravatar image

mirage335
01
accept rate: 0%

asked 02 Mar '15, 00:57


Btw, this issue has been evaluated and triaged. It does *not* provide privilege escalation and is only available to people who have significant access to the system already. All of that said, it is on my agenda to resolve this issue this weekend. Major thanks to mirage335 for reporting it.
permanent link

answered 04 Apr '15, 02:06

caseydk's gravatar image

caseydk ♦♦
717243045
accept rate: 31%

answered 04 Apr '15, 02:06

I'd suggest sending to Keith Casey. He's been pretty quiet recently so may be having a well earned break. Usual practice would be to send the info encrypted using pgp which means that you will need your own key & get hold of Keith's public key. The other one is nature of the vulnerability & whether this is only an issue for internet facing w2p applications or a potentially significant issue within an organisation. Cheers, Sasquatch
permanent link

answered 02 Mar '15, 03:52

sasquatch58's gravatar image

sasquatch58
211133
accept rate: 11%

answered 02 Mar '15, 03:52

We had a baby about 6 weeks ago so yes, I've taken a bit of time offline. :)

(02 Mar '15, 17:26) caseydk ♦♦ caseydk's gravatar image

Congrats!

(02 Mar '15, 17:28) mirage335 mirage335's gravatar image

keith 'aT' caseysoftware 'd0t com'

pool.sks-keyservers.net has a key for that address

So, I should send the issue to that address?

whether this is only an issue for internet facing w2p applications or a potentially significant issue within an organisation

Both.

permanent link

answered 02 Mar '15, 10:36

mirage335's gravatar image

mirage335
01
accept rate: 0%

edited 29 Dec '16, 10:57

caseydk's gravatar image

caseydk ♦♦
717243045

.... and asap, if it is that serious. Thanks, Matt

(02 Mar '15, 11:14) mved mved's gravatar image
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×7
×4
×1

question asked: 02 Mar '15, 00:57

question was seen: 243 times

last updated: 29 Dec '16, 10:57

powered by Bitnami OSQA