[VIM] Why the censorship? (was re: Inquira: Multiple Vulnerabilities)
jericho at attrition.org
Sun Aug 30 07:56:10 UTC 2009
The mail to Full-disclosure on Mar 20, 2009 has been edited on the
archives of Neohapsis:
Every occurrence of "Inquira" has been redacted. Since the original
disclosure suggests the vendor was contacted, and chose not to reply, it
is curious that their name would be removed from your archive.
Could you explain why, or at the very least share what I suspect was a C&D
style letter demanding their name be removed?
I ask because other archives do not redact their name for whatever reason:
- security curmudgeon
---------- Forwarded message ----------
From: Kristian Erik Hermansen <kristian.hermansen at gmail.com>
To: full-disclosure at lists.grok.org.uk
Date: Fri, 20 Mar 2009 01:34:28 -0700
Subject: [Full-disclosure] Inquira: Multiple Vulnerabilities
During a recent penetration test, we discovered and worked with
Inquira to close numerous web-based issues. The vendor has not
replied back about a formal release of these issues, so I am posting
this notice here to inform customers to check for an update for their
products. You can contact Inquira via the link below.
Additionally, it is also advised that customers change the default
passwords used by the affected software. For instance, the default
Apache Tomcat administrator account details are listed below and
should probably be added to publicly listed default password databases
Kristian Erik Hermansen
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
More information about the VIM