Security Issue for Project Directory Information Disclosure Vulnerability Note
Security researcher Alphazorx aka technically.screwed have reported via ZDI that a vulnerability may occur when a specially crafted URL could download certain files in the project directory.
IGX developers have patched the reported vulnerability and released the fix on the following day. The fix has been included in latest Release which can be obained at this link: http://www.integraxor.com/download/beta.msi?4.1.4369. All previous release before build 4369 will have this vulnerability impact. Please download and use this build or any later release to fix this vulnerability. We wish to take this opportunity to remind user to use VPN for any Internet facing system.
Summary of Event
- 07-Nov-2013: ICS CERT contacted IntegraXor support team.
- 08-Nov-2013: Technical report for the vulnerability is received.
- 08-Nov-2013: Security fixed is issued for validation & general download.
- 05-Dec-2013: ICS CERT proposed to proceed without researcher validation.
- 20-Dec-2013: Public announcement is made by IntegraXor support team.