Jump to content
MrGettingRatherFrustrated

Default FTP Backup Password Value

By MrGettingRatherFrustrated, in Admin & Configuration Questions

Recommended Posts

MrGettingRatherFrustrated    0

MrGettingRatherFrustrated
Posted

I reported a security vulnerability to WHMCS a week ago,Ā  the logged a ticket which has now been closed.

The vulnerability relates to a hardcoded password in WHMCS installations - can someone please give me the contact details of whoever is responsible for security

0

Share this post

Link to post
Share on other sites

Kian    317

Kian
Posted (edited)

There's no need to spam opening 6 threads. Submit another ticket or reply to the existing one and wait.

There are hundreds of bugs and vulnerabilities in this software so don't panic šŸ¤­ It's part of the game.

Edited by Kian
0

Share this post

Link to post
Share on other sites

Kian    317

Kian
Posted (edited)

I'm using this software since 2007 and I've seen plenty of disasters. Some of them still exist.

That said, there's no "special" way to contact WHMCS. Even if you think your issue is special. Submit a new ticket or reply to the existing one.

Edited by Kian
0

Share this post

Link to post
Share on other sites

MrGettingRatherFrustrated    0

MrGettingRatherFrustrated
Posted

As I'm sure you know logging tickets with the support team is a fairly pointless task - they even tried to defend that this wasnt that big a deal.

This isnt "my" issue - this is a risk to all customers, having identified it I am protected as I have been able to mitigate/neutralise the problemĀ 

I need to bypass the hell desk and reach someoneĀ competent, I was rather surprised to discover that they don't have a published security contact.

-1

Share this post

Link to post
Share on other sites

Kian    317

Kian
Posted

There's no way to bypass help desk especially because it's the weekend. If the problem is so serious you could set WHMCS in maintenance mode. You could also try describe the problem here.

0

Share this post

Link to post
Share on other sites

WHMCS John    212

WHMCS John
Posted

Hi there,

Whilst a support ticket may be close indicating the end of the particular interaction with the support team on a matter. The case opened with the development team remains open independently and will be addressed according to the severity determined by our team.

In this particular case, a default FTP backup password value has been assessed as not representing a security vulnerability without an accompanying hostname or password. However we're certainly appreciative of the report and will address it in a future update. Thanks for your bug report.

We encourage and reward responsible disclosure of genuine security concerns via our bounty program:https://www.whmcs.com/security-bounty-program/

For information on how we handle bug reports, please refer to: https://docs.whmcs.com/How_we_handle_Bug_Reports

0

Share this post

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Go To Topic Listing

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept