November 20, 2012
|
A security researcher demonstrated zero-day vulnerabilities in MSP platforms of Kaseya and ManageEngine, according to a report.
The researcher, whose name was withheld, presented the findings at the Kiwicon security conference in Wellington, New Zealand, according to SC Magazine in Australia. In the demonstration, the researcher created an administrator account on Kaseya by injecting malicious script into a registry key used by the Kaseya user agent, according to SC Magazine. The script was accepted due to a vulnerability in which the MSP failed to properly validate its database, according to the report. |
Return to Pagoda Blog Main Page |