In the first finding, it has been affirmed in the report that HTTP is unencrypted clear text, and it can be grasped, planned, or highjacked by anyone with the capacity to see that traffic. However, in one of the trial versions of WinZip, a popup is displayed from time to time, and this popup’s main content is filled through http that could easily be adjusted by an attacker on the network. The security experts of Trustwave firm, Martin Rakhmanov asserted that it’s the user who thinks that it is a new version that could administer the malicious code. WinZip has been a long-standing service for Windows users with file archiving requirements beyond the support that has been built in the operating system. It also resembled that the registration data was transferred via http, like the username and registration code. WinZip is currently at version 25, but shortly after it releases, check the server for updates over an unencrypted link, a vulnerability that could be exploited by an ill-disposed actor.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |