Bug report

Discussion in 'ESET NOD32 Antivirus' started by Eagle Creek, May 18, 2012.

Thread Status:
Not open for further replies.
  1. Eagle Creek

    Eagle Creek Global Moderator

    Joined:
    Jul 27, 2004
    Posts:
    734
    Location:
    The Netherlands
    I've discovered what looks like a bug, which could expose your license information to someone who has physical access to your computer.
    As far as I can tell, there's no mitigating circumstances, since using a password to protect the settings, doesn't make a difference.

    The issue has been tested using Windows XP SP3 (Dutch) and ESET NOD32 5.0.95.0 (Dutch).

    Since my NOD32 is in Dutch, and I don't have an English version to check, I'll try to translate the menu options the best I can, but I can't guarantee they are 100% correct.

    1. Open the NOD32 main screen
    2. Go to update
    3. Click "Product activation" (after 'product activated')
    4. Click "Next"
    5. Right now the user name is visible, but the password isn't. The box to show the password has been greyed out. However:

    6. Select the password.
    7. Press delete.
    8. Press ctrl+z

    Now the show password box is clickable, and the password is being reveled to the user.

    Especially in shared computer environments, this is an unwanted situation (though not such an enormous security risk it would be responsible to post this in public, in my opinion).
     
  2. Hollowstriker

    Hollowstriker Registered Member

    Joined:
    Mar 28, 2010
    Posts:
    50
    I can confirm the bug exists as described on Windows XP SP3 (English) and ESET NOD32 5.0.95.0 (English). As mentioned, ordinarily the "show password" box cannot be selected (is greyed out) to prevent viewing existing information. But once the CTRL-Z trick is used, it does allow the user to view the existing password.

    EDIT: I tested it with the latest builds of ESET NOD32 (version 5.2.9.1/version 6.0.11.0) - the bug exists in the new versions as well.
     
    Last edited: May 18, 2012
  3. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Developers have been notified. Thank you for the report.

    Regards,

    Aryeh Goretsky
     
  4. Eagle Creek

    Eagle Creek Global Moderator

    Joined:
    Jul 27, 2004
    Posts:
    734
    Location:
    The Netherlands
    You're welcome.
     
Thread Status:
Not open for further replies.