[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Norman Internet Update Deamon sends cleartext license key on update

I just discovered, that the linux norman internet update deamon
(niu) sends our corporate license key in cleartext over http when
the first update is triggered. Output of niu --trace shows

SelectNextValServer (1): first: 0
ExtractValServer: 0 from 'niuone.norman.no': Found 'niuone.norman.no'


asdfa-asdfa-asdfa-asdfa-asdfa is our key.

Norman confirmed the bug but did not provide a timeline for any updates.


cubewerk ------------------------------ stefan.bauer@xxxxxxxxxxx
IT-Beratung + Planung ------------------- Tel +49 8621 996 02 37
Herzog-Otto-Straße 32 ------------------- Fax +49 7211 513 38551
83308 Trostberg -------------------------------- www.cubewerk.de