ISGroup

Security fix in EasyAudit Exposure

We want to say thanks to Roberto Urbanus who found an Improper Error Handling and Source Code Disclosure in our EasyAudit Exposure service, a passive vulnerability and reputation management system. In some conditions the registration failed and the returned object was NULL. When the following code tried to access that object’s properties, it failed showing a very verbose debug error handler.

The issue was caused by both not validating the registration and by an error in the routine that selected the correct error handler in production and in development.

Roberto reported on Sunday and we fixed it today (Monday), the new code is online and it also adds some nice new features!

Thanks again!

–Francesco Ongaro
CEO of ISGroup SRL

Standard