ProSec GmbH

ESET Updates unencrypted

ESET does not use encryption for updates and is prone to man-in-the-middle attacks.

In particular, the recently discovered security gap in ESET (CVE-2016-0718) illustrates the impact that a lack of encryption could have when the two are combined.

Vulnerability - Client Updates 1)

When a client wants to update its signatures, it establishes an HTTP connection to the repository server. This connection is unencrypted and vulnerable to man-in-the-middle attacks. If there is no signature check, it is possible to inject malicious code.
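The signature check mentioned above is what decides whether an update modified on a plaintext HTTP path gets installed. The following is an added example, not ESET's code and not part of the original advisory: it verifies an RSA PKCS#1 v1.5 / SHA-256 signature against a pinned public key using only the Python standard library. The scheme, the demo key and all function names are assumptions; the page does not say how ESET signs its updates.

```python
import hashlib

# Constructed demo key: the product of two well-known Mersenne primes, so the
# example needs no key file or third-party library. Never use such a key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key, pinned in the client
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, vendor side only
K = (N.bit_length() + 7) // 8            # modulus length in bytes
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def _encode(data: bytes) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(data), as an integer."""
    t = SHA256_DIGESTINFO + hashlib.sha256(data).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def vendor_sign(update: bytes) -> bytes:
    """Vendor side (hypothetical): sign the update file before publishing."""
    return pow(_encode(update), D, N).to_bytes(K, "big")

def signature_ok(update: bytes, sig: bytes) -> bool:
    """Client side: needs only the pinned public key (N, E)."""
    if len(sig) != K:
        return False
    s = int.from_bytes(sig, "big")
    # Rebuild the expected encoding and compare it whole, instead of parsing
    # the padding out of the decrypted value.
    return s < N and pow(s, E, N) == _encode(update)

def http_fetch(update: bytes, sig: bytes, tamper=None):
    """Stands in for the plaintext download; `tamper` models a change in transit."""
    return (tamper(update) if tamper else update), sig

def apply_update(update: bytes, sig: bytes, check_signature: bool = True) -> str:
    """Install only if the signature verifies (when the check is enabled)."""
    if check_signature and not signature_ok(update, sig):
        return "rejected"
    return "installed"

if __name__ == "__main__":
    genuine = b"constructed signature database v2"   # constructed sample
    sig = vendor_sign(genuine)
    changed, s = http_fetch(genuine, sig, tamper=lambda b: b + b"\x00modified")
    print("with check:   ", apply_update(changed, s))
    print("without check:", apply_update(changed, s, check_signature=False))
```

A verified signature protects the integrity of the update only; the plaintext transport still exposes what is downloaded and when, which TLS would also cover.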

Vulnerability - ESET Remote Administrator Repository Updates 2)

Updates from the ERA servers are also unencrypted, which is why a man-in-the-middle attack is also possible here.

Protection

A TLS certificate costs no more than € 10 per domain per year for the two domains. The vulnerability was confirmed to us by ESET – we did not receive an answer as to whether this vulnerability should be fixed.
At this point, we expect better communication and more transparency from a security manufacturer.

Last updated on January 14, 2022