Advice on results from penetration testing
Redacted
Whoa whoa whoa!
I've redacted this post until we can figure out if there's something that we (Umbraco HQ) need to do about this. It's great that you want to know what to do about potential issues but in the interest of responsible disclosure, I would implore you to always discuss potential security issues with us first so as not to expose thousands of websites out there with an attack vector.
I'll get back to you as soon as we can evaluate the impact of the problems you posted.
Hi Sebastiaan,
Okay thanks for the update. I do need to get a working solution, so would be grateful if you could get back to me as soon as possible regarding the issues that I've raised.
Thanks,
Eddie
Hi Eddie, we've published a security advisory today with additional concerns and fixes for them. http://umbraco.com/follow-us/blog-archive/2014/7/21/security-issues-found-in-umbraco-4,-6-and-7.aspx
Hi Sebastiaan, thank you very much indeed. Eddie
Thanks Eddie for reporting. Umbraco gets better and better thanks to people like you.