On December 7, one of our users reported a security hole in Tender that permitted anyone to read comments in a discussion (public or private) based on a hidden URL used by a feature in Tender.
We immediately started a thorough investigation and deployed a fix for the security hole within a few hours of being notified of the issue.
We have spent the last several weeks reviewing available data and there is no indication that anyone has gained unauthorized access to private comments in Tender. However, users have been known to occasionally post private information such as passwords into public comments. It is best to make sure that information gets updated as soon as possible.
Our thanks go out to Phil Taylor for being the White Hat who found the hole and reported it right away.


2 Comments
While not a security hole, we have found our users to change items to public when they submit requests via the form, and if you don’t keep an eye on it internally, the thread may end up with private information in it. Just something for users to be mindful of :)
Any company this open about a security breach is a good one. So few will tell you this much info. Kudos.