ESET revealing Host OS via plaintext HTTP?


After analyzing my network traffic, I found some unencrypted HTTP requests. After investigating further, it seems those requests are sent by ESET software on the clients in the network.

ESET software is revealing the host OS version and processor architecture in plain text via HTTP to several IP addresses:

91.288.166.0/24
91.228.167.0/24
185.94.157.11

It seems that those requests are used to contact update servers.
My question:

Can I block those requests without restricting the functionality of the eset products?

I see a security issue, as a man-in-the-middle attack can easily find out the target OS and the security software used.


  • Administrators

It is not possible to block update requests without affecting updates. Information about the AV is not sensitive; potential attackers could figure it out from the addresses that the machine contacted. Also, information about the OS does not say anything about what OS updates or vulnerable applications you have installed that could be misused in a further attack.

This topic is now closed to further replies.