Hello Isomorphic , could you please comment on this:
https://seclists.org/fulldisclosure/2020/Feb/18
?
https://seclists.org/fulldisclosure/2020/Feb/18
?
-
-
We're surprised you fell for this Claudio! These are scammers trying to pretend to be security professionals.
When you install the SmartClient SDK, you are installing a web-based development tool. So then you get a ... web-based development tool. Which, in order to function, must be able to read and save files, change server configuration, etc.
If you *deploy* the "tools" directory with your application, we already have extensive documentation explaining that it must be protected.
These guys contacted us a few months ago attempting to drum up business. We declined. So they posted a false security vulnerability about us. Just the usual bottom feeders. -
Exactly what I thought too. Thanks for the official response.Comment
Comment