SweX 871 Posted May 17, 2015
hxxp://egyptiangeeks.com/information-security/eset-broken-authentication-vulnerability/

siljaline 57 Posted May 18, 2015
This is not the only site reporting this. ESET have been made aware internally.

ESET Staff metaller 49 Posted May 18, 2015
https://who.is/whois/eu-eset.com tells everything...

SweX 871 Posted May 18, 2015 Author
> https://who.is/whois/eu-eset.com tells everything...

It indeed does, I didn't have time to research more about the url yesterday I only posted it and logged out. If anything is hilarious, it must be that a person saying he is a "Senior Information Security Researcher" didn't bother to research more about the website itself before shouting out about it.

“We have taken the report sent to us very seriously and have immediately started our own investigation. The mentioned vulnerability in the ESET activation system doesn’t exist. The vulnerability was found on a fake website that is not owned by ESET or by any ESET partner. That site cannot generate new licenses. The site is currently blocked by the ESET products as a phishing website because it is misleading users and misusing the ESET brand. We don’t recommend accessing the mentioned website and ESET is currently working on shutting it down.”

hxxp://malwaretips.com/threads/a-hilarious-eset-broken-authentication-vulnerability.46023/#post-386449

ESET Staff metaller 49 Posted May 19, 2015
We all know... case closed
Edited May 21, 2015 by metaller

Mohamed A. Baset 0 Posted May 21, 2015
[**Update**] ESET accused my report as an invalid report “after being accepted and rewarded #######_logic” as this reported backend “eu-eset.com” is a phishing website. The screenshot below reflects the confusion that ESET’s experts are suffering from during the report.

Image: hxxp://egyptiangeeks.com/wp-content/uploads/2015/05/@SymbianSyMoh_2015.05.20_05h17m19s_001_.jpg

So if that’s really true, and let’s argue that this is true, then:

1. Kudos to me that I have discovered a vulnerability in a website that was built by people who were good at “something”, arguably “phishing”, and still kick ESET’s ###### by generating valid licenses.
2. More shame on ESET, they were being ###### by this “phishing website” till the moment I reported them because that “phishing website” is generating “by my bypass” an actual paid valid license of their “award-winning product” for free.

Here’s another proof of what I’m saying here:

Edited May 22, 2015 by Marcos: Link to youtube removed

Administrators Marcos 4,703 Posted May 22, 2015
We have taken the report sent to us very seriously and have immediately started our own investigation. The mentioned vulnerability in the ESET activation system doesn’t exist. The vulnerability was found on a fake website that is not owned by ESET or by any ESET partner. That site cannot generate new licenses. The site is currently blocked by the ESET products because it is misleading users and misusing the ESET brand. We don’t recommend accessing the mentioned website and ESET is currently working on shutting it down.