Huge security hole in Eset's Licensing!!

Discussion in 'ESET Smart Security' started by berryracer, Aug 10, 2012.

Thread Status:
Not open for further replies.
  1. berryracer

    berryracer Suspended Member

    Joined:
    Jan 24, 2008
    Posts:
    1,640
    Location:
    Dubai, UAE
    I need a moderator to contact me immediately so I can show you how easily one could get people's username / password and use their licenses on the Eset page!!

    I am shocked that an Antivirus company can make it very easily for people to steal usernames / passwords!

    Thank god I didn't renew my license!

    Once I am contacted I will show you how easily you can steal anyone's username / password so you can pass it on to the concerned department!
    -------------------------------------------------------------------------------------------------------------------------------------------------------------

    I have found a very easy way to steal someone's Eset license directly from the Eset site,

    Pls inform Eset that I am ready to show them exactly how to replicate this security whole which allows anyone to view someone else's password if they know his email


    I expect to receive a 2 year license for ESS valid to be installed on 3 PCs if I prove to Eset how an ESS license can be stolen and an easy fix to this security hole
     
    Last edited: Aug 10, 2012
  2. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    And if they refuse to give you a free License will you refuse to help?. DHYB on the free license.:cautious:
     
  3. berryracer

    berryracer Suspended Member

    Joined:
    Jan 24, 2008
    Posts:
    1,640
    Location:
    Dubai, UAE
    well I am doing them a HUGE favor because if you see how easy it is to grab someone else's license your jaw will drop in awe if you see that a big security company such as ESET makes it very easy for others to steal their customers' licenses

    I have nothing to lose, I am doing a favor to ESET and I expect a small reward. Asking for 1 license is worthless if you look at the glitch I have accidentally found

    Also, I have been using Eset's products since 8 years and paying them annually this is the least I deserve I think
     
  4. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Well if its as you say,then thats not good at all and probably should be a private matter.Perhaps a PM of one of the Eset support staff at wilders.
     
  5. berryracer

    berryracer Suspended Member

    Joined:
    Jan 24, 2008
    Posts:
    1,640
    Location:
    Dubai, UAE
    yes exactly, I am waiting for a PM for someone from the mods to discuss this :)
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    You can PM me if you're able to prove how to get a "victim's" license details without having access to the user's computer/network.
     
  7. berryracer

    berryracer Suspended Member

    Joined:
    Jan 24, 2008
    Posts:
    1,640
    Location:
    Dubai, UAE
    Hi, I have sent you a PM
     
  8. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    well im for sure interested though i highly doubt eset would have a exploit like this not defending them or anything but this kind of stuff normally has a ton of time put in and yes i know many av's have exploits. but im for sure interested to see what comes of this.
     
  9. berryracer

    berryracer Suspended Member

    Joined:
    Jan 24, 2008
    Posts:
    1,640
    Location:
    Dubai, UAE
    I just sent the proof to the mod and he verified it, NEVER say never ;)
     
  10. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    You seem like you have discovered moon. It is a well known fact, the temporary trial licenses (30 days) for ESET are available as warez. It is their policy.......
     
    Last edited by a moderator: Aug 11, 2012
  11. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    which is what i was thinking^^
     
  12. berryracer

    berryracer Suspended Member

    Joined:
    Jan 24, 2008
    Posts:
    1,640
    Location:
    Dubai, UAE
    what the heck are you talking about? What trial license? I am talking about a breach that could allow ppl to steal others' full and valid licenses

    *
     
    Last edited by a moderator: Aug 11, 2012
  13. tommy456

    tommy456 Registered Member

    Joined:
    Jun 11, 2011
    Posts:
    137
    Yeah but without the victims registered e-mail address there is no risk , or if there is then that would be a concern im sure
     
  14. berryracer

    berryracer Suspended Member

    Joined:
    Jan 24, 2008
    Posts:
    1,640
    Location:
    Dubai, UAE
    It is still a risk, I know a few people's email addresses that I was able to get their licenses, for testing of the security hole only I didn't misuse this

    It's been fixed now :)
     
Thread Status:
Not open for further replies.