Centova Technologies Forum
Centova Cast v3 => General discussion => Topic started by: psychopulpo on January 25, 2020, 03:45:54 pm
-
It seems that Centova has a fairly large vulnerability. Not more than 1 week ago I installed this application, which worked correctly, until one day I found that I could not connect. After contacting support, I realized that a _WARNING table had been created, containing a message that says the following.
| 1 | Hello,
I am a security researcher from Sweden,
having interest on web security and other focus areas.
Your MySQL server(version 5.7.29), database "centova"
was breached by a 3rd party and files were backed up to cloud storage.
I accidently discovered this dedicated cloud storage and was able to secure the files.
It is scheduled to be sold online.
The short-term consequences of this data leak could be fees, fines and frustration.
To prevent this i will remove all files from online storage above
and restore the database if needed.
please send exactly 0.3 bitcoin (BTC) to the following
bitcoin address: 1AuqCQa13niBYfjyjHWaE6QRMSxwD8Mwka
email me in about an hour after the payment,
and I email you back the link to download the original
dump file centova.sql.gz created with mysql mydumper.
-
The issue may be related to the security of your database more than to Centova Cast itself.
-
What version of CentovaCast were you running at the time of the hack? A security fix went into the last release. Regardless, I doubt the contents of your database would be of value to anyone at all... just my 2 cents.