Centova Cast High vulnerability

It seems that Centova has a fairly large vulnerability. Not more than 1 week ago I installed this application, which worked correctly, until one day I found that I could not connect. After contacting support I realized that a _WARNING table had been created, containing a message that says the following.

|  1 | Hello,

I am a security researcher from Sweden,
having interest on web security and other focus areas.

Your MySQL server(version 5.7.29), database "centova"
was breached by a 3rd party and files were backed up to cloud storage.

I accidently discovered this dedicated cloud storage and was able to secure the files.

It is scheduled to be sold online.
The short-term consequences of this data leak could be fees, fines and frustration.

To prevent this i will remove all files from online storage above
and restore the database if needed.

        please send exactly 0.3 bitcoin (BTC) to the following
        bitcoin address: 1AuqCQa13niBYfjyjHWaE6QRMSxwD8Mwka

email me in about an hour after the payment,
and I email you back the link to download the original
dump file centova.sql.gz created with mysql mydumper.

The issue may be related to the security of your database more than to Centova Cast itself.

What version of CentovaCast were you running at the time of the hack? A security fix went into the last release. Regardless, I doubt the contents of your database would be of value to anyone at all... just my 2 cents.