TUCoPS :: HP Unsorted N :: bt-21593.htm

Norman Internet Update Deamon sends cleartext license key on update
Norman Internet Update Deamon sends cleartext license key on update
Norman Internet Update Deamon sends cleartext license key on update


I just discovered, that the linux norman internet update deamon
(niu) sends our corporate license key in cleartext over http when
the first update is triggered. Output of niu --trace shows

SelectNextValServer (1): first: 0
ExtractValServer: 0 from 'niuone.norman.no': Found 'niuone.norman.no'
sAuthUrl='niuone.norman.no/scripts/NIUSrv.dll?GetUpdateInfo?1$asdfa-asdfa-asdfa-

               asdfa-asdfa$000020022050205220702072208020822$5'(117)

asdfa-asdfa-asdfa-asdfa-asdfa is our key.

Norman confirmed the bug but did not provide a timeline for any updates.

Regards

-- 
cubewerk ------------------------------ stefan.bauer@cubewerk.de 
IT-Beratung + Planung ------------------- Tel +49 8621 996 02 37
Herzog-Otto-Stra=DFe 32 ------------------- Fax +49 7211 513 38551
83308 Trostberg -------------------------------- www.cubewerk.de

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH