debauchee / barrier

Open-source KVM software

Unquoted service path on windows #1219

Open petecog opened 3 years ago

petecog commented 3 years ago

Describe the bug

I've noticed that the service path created in the Windows registry is unquoted, which can cause a vulnerability. See https://medium.com/@SumitVerma101/windows-privilege-escalation-part-1-unquoted-service-path-c7a011a8d8ae for an example.

To Reproduce

Steps to reproduce the behavior:

  1. Install v2.3.3
  2. Inspect HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Barrier\ImagePath

Expected behavior

Ideally the value should be quoted, e.g. "C:\Program Files\Barrier\barrierd.exe", because of the space in 'Program Files'.


shymega commented 3 years ago

Hi. Thanks for the report. Given this is a serious security vulnerability, perhaps it should be reported to an email address to me and the other devs directly - but that's not set up yet. I'll look into that... we have another report as well, so obviously we have some vulns that need looking into. Rest assured, we are looking into this - I'll keep the issue open for now.

Thanks again!

starmaid commented 2 years ago

Bumping this, still an issue in 2.4.0 and Nessus keeps flagging it.
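
A defender-side check for the condition this issue reports, as an added example that is not part of the original thread or of Barrier's code: it flags service `ImagePath` values whose executable path contains a space but is not quoted, and prints the quoted form. The function names, the `.exe` boundary heuristic and the sample values are assumptions made for illustration.

```python
import re
import sys

# Assumption: the executable ends at the first ".exe" followed by whitespace or end of value.
_EXE_END = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)

def split_image_path(image_path):
    """Return (executable, arguments, was_quoted) for a service ImagePath value."""
    value = image_path.strip()
    if value.startswith('"') and '"' in value[1:]:
        end = value.index('"', 1)
        return value[1:end], value[end + 1:].strip(), True
    match = _EXE_END.search(value)
    if match:
        return value[:match.end()], value[match.end():].strip(), False
    return value, "", False

def is_unquoted_with_space(image_path):
    exe, _args, quoted = split_image_path(image_path)
    return not quoted and " " in exe

def quoted_form(image_path):
    exe, args, _quoted = split_image_path(image_path)
    return f'"{exe}"' + (f" {args}" if args else "")

def win32_service_paths():  # Windows only: (service, expanded ImagePath) pairs
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services") as services:
        for i in range(winreg.QueryInfoKey(services)[0]):
            name = winreg.EnumKey(services, i)
            try:
                with winreg.OpenKey(services, name) as svc:
                    path, _ = winreg.QueryValueEx(svc, "ImagePath")
                    svc_type, _ = winreg.QueryValueEx(svc, "Type")
            except OSError:
                continue  # no ImagePath/Type value, or access denied
            if svc_type & 0x30:  # Win32 service type bits; kernel drivers are skipped
                yield name, winreg.ExpandEnvironmentStrings(path)

SAMPLES = [  # constructed values, used when not running on Windows
    ("Barrier (unquoted)", r"C:\Program Files\Barrier\barrierd.exe"),
    ("Barrier (quoted)", r'"C:\Program Files\Barrier\barrierd.exe"'),
    ("NoSpace", r"C:\Windows\system32\svchost.exe -k netsvcs"),
]

if __name__ == "__main__":
    rows = win32_service_paths() if sys.platform == "win32" else SAMPLES
    for name, path in filter(lambda r: is_unquoted_with_space(r[1]), rows):
        print(f"{name}: {path}  ->  {quoted_form(path)}")
```

On Windows the script reads the live `Services` key; elsewhere it runs over the constructed samples.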