Security Exploit in your licensing manager

Issues related to VMProtect
Post Reply
ferdo
Posts: 17
Joined: Tue Aug 27, 2013 8:43 pm

Security Exploit in your licensing manager

Post by ferdo »

Hi,

we receive email like this:
From: Joey Stamp [mailto:gooman93@bk.ru]
Sent: Monday, October 12, 2015 04:19 PM
To: dean@...; miguel@...
Subject: Security Exploit in your licensing manager

Hello,

I just wanted to inform you that your site: http://cc-licensing.com is vulnable to the following exploit:

Username: exp:NULL UNION SELECT 1337, 0x663467, SHA1(0x663467), 0x663467407461707a2e6575, 1, 0
Password: f4g

The company "VM Protect" said that they've fixed the issue, but you didn't upgrade yet. It would be smart to update the Web Licensing Manager to the newest version to fix the security exploit.
I searched the forum and the vmp soft website but cannot find an upgrade to the licensing manager.

Are those email a scam?
ferdo
Posts: 17
Joined: Tue Aug 27, 2013 8:43 pm

Re: Security Exploit in your licensing manager

Post by ferdo »

Oeps, I tried the suggested username and password on our licensing server and they WORK!!!

Where can I download a fixed version of the web license manager?

Ferdinand
Admin
Site Admin
Posts: 2566
Joined: Mon Aug 21, 2006 8:19 pm
Location: Russia, E-burg
Contact:

Re: Security Exploit in your licensing manager

Post by Admin »

This bug was fixed in the version 2.2.2 (the latest version is 2.4.2). The latest version is available for registered users with unexpired free updates period.
ferdo
Posts: 17
Joined: Tue Aug 27, 2013 8:43 pm

Re: Security Exploit in your licensing manager

Post by ferdo »

Sorry? I do not want the latest version. I want a fixed version.

Leon Kohlen (the owner, i'm the developer) bought Version 2.13 on august 19 2013.

Now we are aware that these security problems were known to you at the end of 2013 and fixed.
https://forum.tuts4you.com/topic/34013- ... abilities/

We had since that time not the opportunity to download a fixed version. You did not notice us of a serious security problem with your web license manager. And now you tell us we have to BUY a security fix!

Please make version 2.2.2 of the weblm available to legal owners of the serious flawed previous version.
Admin
Site Admin
Posts: 2566
Joined: Mon Aug 21, 2006 8:19 pm
Location: Russia, E-burg
Contact:

Re: Security Exploit in your licensing manager

Post by Admin »

The fixed version sent to Leon. Please check it.
bitman2112
Posts: 75
Joined: Wed Oct 30, 2013 5:24 pm

Re: Security Exploit in your licensing manager

Post by bitman2112 »

Me too please.

Thank you.
Post Reply