Jump to content

"A Hilarious ESET Broken Authentication Vulnerability"

SweX

By SweX
in General Discussion

 Share

Recommended Posts

SweX

SweX 871

Posted
  • Author
Posted

https://who.is/whois/eu-eset.com

 

tells everything...

It indeed does, I didn't have time to research more about the url yesterday I only posted it and logged out. If anything is hilarious, it must be that a person saying he is a  "Senior Information Security Researcher" didn't bother to research more about the website itself before shouting out about it.

 

“We have taken the report sent to us very seriously and have immediately started our own investigation. The mentioned vulnerability in the ESET activation system doesn’t exist. The vulnerability was found on a fake website that is not owned by ESET or by any ESET partner. That site cannot generate new licenses. The site is currently blocked by the ESET products as a phishing website because it is misleading users and misusing the ESET brand.

We don’t recommend accessing the mentioned website and ESET is currently working on shutting it down.”

 

hxxp://malwaretips.com/threads/a-hilarious-eset-broken-authentication-vulnerability.46023/#post-386449

Link to comment
Share on other sites
Mohamed A. Baset

Mohamed A. Baset 0

Posted
Posted (edited)

[**Update**]

ESET accused my report as an invalid report “after being accepted and rewarded #######_logic” as this reported backend “eu-eset.com” is a phishing website.

The below screenshot reflects how confusion that ESET’s experts are suffering from during the report.

Image:
hxxp://egyptiangeeks.com/wp-content/uploads/2015/05/@SymbianSyMoh_2015.05.20_05h17m19s_001_.jpg

 

So if that’s really true and let’s argue on that this is true, Then:
 1. Kudos to me that I have discovered a vulnerability in a website was built by a people was a good in “something” arguably “phishing” and still kick ESET’s ###### by generating a valid Licenses.
 2. More shame on ESET, they were being ###### by this “phishing website” till the moment I reported them because that “phishing website” is generating “by my bypass” an actual paid valid license of their “award-winning product” for free.
 

Here’s another proof on what I’m saying here:

Edited by Marcos
Link to youtube removed
Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,074

Posted
  • Administrators
Posted

We have taken the report sent to us very seriously and have immediately started our own investigation. The mentioned vulnerability in the ESET activation system doesn’t exist. The vulnerability was found on a fake website that is not owned by ESET or by any ESET partner. That site cannot generate new licenses. The site is currently blocked by the ESET products because it is misleading users and misusing the ESET brand.

We don’t recommend accessing the mentioned website and ESET is currently working on shutting it down.

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...