Thursday, July 2, 2015

Spiceworks Hit By Security Vulnerability

Austin-based IT management software developer Spiceworks, said Wednesday that its users discovered a security vulnerability in its latest, desktop software, which resulted in disabling a feature and a security patch. According to Spiceworks, the vulnerablity--in its Spiceworks 7.4 Desktop application--had the potential to put users at risk, but that the security issue only hit sixty instllations, none of which appear to have been exploited.

Spiceworks said that, as a result of the vulnerability, the company is re-evaluating its development and test processes, adding code audits and test plan reviews across its team, better educating employees to escalate similar security issues, and better centralize its security. The security issue was identified on June 22nd, and involved a hole which exploited social sign-ons to allow anyone to sign on as an administrator to the software.

---