User Credentials Leakage in Panda Cloud Office Protection

[Buherátor <buherator () gmail com>]

Dear List,

More than a year ago I identified a pretty serious bug in the deployment
system of Panda Cloud Office Protection. The bug seems to be fixed since
version 6 (I didn't assess the new implementation thoroughly), but I am
unaware of any official notices about it from the vendor although
management passwords may still be recovered from leftover installers, so I
think it worth to publish the info here:

http://vimeo.com/66384124

Buherátor
http://buhera.blog.hu
PGP: 1DD5 6AFB 0660 4106 7B70  4F71 B84C 47BD 86EA 1855

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/