Laziness is no excuse for not reporting vulnerabilities to a vendor first. If you can sign up to bugtraq to report an old, already fixed hole, then creating a bugzilla login surely can't be too much trouble.
You can simply email security (at) cpanel (dot) net [email concealed] with information as well.
As a vendor we take legitimate security concerns very seriously and usually have a fix released within a few hours of notification, it's a shame some people don't try to take advantage of this effort.
If you read the changelog you would have noticed this was fixed over a month ago.
http://layer1.cpanel.net/ChangeLog.cgi?output=html
Laziness is no excuse for not reporting vulnerabilities to a vendor first. If you can sign up to bugtraq to report an old, already fixed hole, then creating a bugzilla login surely can't be too much trouble.
You can simply email security (at) cpanel (dot) net [email concealed] with information as well.
As a vendor we take legitimate security concerns very seriously and usually have a fix released within a few hours of notification, it's a shame some people don't try to take advantage of this effort.
[ reply ]