KS-Soft. Network Management Solutions
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister    ProfileProfile    Log inLog in 

Unquoted Service Path Considerations

 
Post new topic   Reply to topic    KS-Soft Forum Index -> Wish list
View previous topic :: View next topic  
Author Message
paulnus



Joined: 29 Aug 2011
Posts: 17

PostPosted: Sat Nov 14, 2020 8:08 am    Post subject: Unquoted Service Path Considerations Reply with quote

We regularly run security scans and often we see that the RMA installs will be vulnerable to an "unquoted service path". I was hoping future releases could consider having protections in place so that when installed using the configuration tool, it will have proper wrapped quotes to prevent potential exploits.

References:
http://www.nessus.org/u?84a4cc1c
http://cwe.mitre.org/data/definitions/428.html
https://www.commonexploits.com/unquoted-service-paths/
http://www.nessus.org/u?4aa6acbc

The resolution would be to ensure double quotes surround the service path in the registry.
Back to top
View user's profile Send private message
KS-Soft



Joined: 03 Apr 2002
Posts: 12792
Location: USA

PostPosted: Mon Nov 16, 2020 10:45 am    Post subject: Reply with quote

Thank you for the tip, will be changed in next version

Regards
Alex
Back to top
View user's profile Send private message Visit poster's website
KS-Soft



Joined: 03 Apr 2002
Posts: 12792
Location: USA

PostPosted: Wed Dec 02, 2020 5:19 am    Post subject: Reply with quote

Done in version 12.60

Regards
Alex
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    KS-Soft Forum Index -> Wish list All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

KS-Soft Forum Index