Centova Technologies Forum

Centova Cast v3 => General discussion => Topic started by: psychopulpo on January 25, 2020, 03:45:54 pm

Title: Centova Cast High vulnerability
Post by: psychopulpo on January 25, 2020, 03:45:54 pm
It seems that Centova has a fairly large vulnerability. Not more than 1 week ago I installed this application, which worked correctly until one day I found that I could not connect. After contacting support, I realized that the _WARNING table that had been created had a message in it which says the following.

|  1 | Hello,

I am a security researcher from Sweden,
having interest on web security and other focus areas.

Your MySQL server(version 5.7.29), database "centova"
was breached by a 3rd party and files were backed up to cloud storage.

I accidently discovered this dedicated cloud storage and was able to secure the files.

It is scheduled to be sold online.
The short-term consequences of this data leak could be fees, fines and frustration.

To prevent this i will remove all files from online storage above
and restore the database if needed.

        please send exactly 0.3 bitcoin (BTC) to the following
        bitcoin address: 1AuqCQa13niBYfjyjHWaE6QRMSxwD8Mwka

email me in about an hour after the payment,
and I email you back the link to download the original
dump file centova.sql.gz created with mysql mydumper.
Title: Re: Centova Cast High vulnerability
Post by: radioparanormalium on January 29, 2020, 12:55:03 pm
The issue may be related to the security of your database more than to Centova Cast itself.
Title: Re: Centova Cast High vulnerability
Post by: Dr Bunsen on February 05, 2020, 04:08:49 pm
What version of CentovaCast were you running at the time of the hack? A security fix went into the last release. Regardless, I doubt the contents of your database would be of value to anyone at all... just my 2 cents.