Jump to content
Login new information ×
Login new information

A Hilarious ESET Broken Authentication Vulnerability (one click free purchase)

Batu69

By Batu69
in Software News

Recommended Posts

Batu69

Batu69

Posted
Posted

Hello Geeks and Security Evangelists,

My name is Mohamed Abdelbaset Elnoby, Just another Senior Information Security Researcher and Web Application Pentester in the world ? , Today I would like to show you a “hilarious” Broken Authentication bug I found in ESET website specifically in their “Antivirus Product Activation Process” that allowed me to generate millions of valid paid Licenses of “ESET Nod32 Antivirus” as per their description “Our award-winning security software offers the most effective protection available today” for free.
(Yes “hilarious” is in bold, it’s not a formatting mistake but you will know why at the end of the story)

​Read more here>> http://egyptiangeeks.com/information-security/eset-broken-authentication-vulnerability/

​Video Mohamed Abdelbasit shared

Link to comment
Share on other sites
  • Replies 2
  • Views 2.5k
  • Created
  • Last Reply
emerglines

emerglines

Posted
Posted

Encoded one is still working lol!

Link to comment
Share on other sites
Batu69

Batu69

Posted
  • Author
Posted

[**Update**]

ESET Official Statement said:
“We have taken the report sent to us very seriously and have immediately started our own investigation. The mentioned vulnerability in the ESET activation system doesn’t exist. The vulnerability was found on a fake website that is not owned by ESET or by any ESET partner. That site cannot generate new licenses. The site is currently blocked by the ESET products as a phishing website because it is misleading users and misusing the ESET brand.

We don’t recommend accessing the mentioned website and ESET is currently working on shutting it down.”

ESET accused my report as an invalid report “after being accepted and rewarded #badass_logic” as this reported backend “eu-eset.com” is a phishing website.

The below screenshot reflects how confusion that ESET’s experts are suffering from during the report.

@SymbianSyMoh_2015.05.20_05h17m19s_001_.

So if that’s really true and let’s argue on that this is true, Then:

1. Kudos to me that I have discovered a vulnerability in a website was built by a people was a good in “something” arguably “phishing” and still kick ESET’s ass by generating a valid Licenses.

2. More shame on ESET, they were being fucked by this “phishing website” till the moment I reported them because that “phishing website” is generating “by my bypass” an actual paid valid license of their “award-winning product” for free, Here’s another proof on what I’m saying here:

Have a good day, Gentlemen

http://egyptiangeeks.com/information-security/eset-broken-authentication-vulnerability/

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...