Clop seems to be on a roll, first with GoAnywhere and now with Moveit

  • TribesmanJohn@beehaw.orgOP
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    https://community.progress.com/s/question/0D54Q0000AL2k8jSQB/moveit-transfer-critical-vulnerability-may-2023

    I agree there should perhaps have been better controls in place to check for SQL Injection vulnerabilities, and that yea some businesses try hard to maximise profits, but I would also say that developers are not infallible :)

    Without seeing anything standing out on their website, I think this does show the importance of getting your product regularly security audited by and external, third party :)

    • argv_minus_one@beehaw.org
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      SQL injection? Oh, good grief. Here I was assuming it was some subtle bug, like use-after-free or using a cryptographic primitive slightly wrong—an honest mistake made by a developer who’s working too hard. But SQL injection vulnerabilities are the result of doing something we’ve been taught for decades to never do, so I can’t imagine any excuse for this.