attritionorg closed 2 years ago
Hey mate, I can already see this incident:
| 2015-09-25 | Good Technology | Max Moser, Tobias Ospelt, David Gullasch | XSS in Good for Enterprise administration console | "Vendor provides legal threat against publication of advisory." No further details provided. |
There are updates since then, however: https://www.modzero.com/modlog/archives/2015/09/24/on_responsible_full_disclosure/index.html
Adding now
https://www.modzero.com/modlog/archives/2015/09/24/on_responsible_full_disclosure/index.html
[..] The reason for this blog-posting is Good Technology. In June 2013 we identified a remotely exploitable vulnerability in Good's Mobile Device Management (MDM) Suite "Good For Enterprise" that allowed remote attackers to hijack administrative accounts. We followed common responsible disclosure principles and contacted Good, providing a timeframe of 45 days to fix a simple, persistent Cross Site Scripting related vulnerability. They asked for another 60 days and said they would like to provide "updates or corrections" to the final version of our advisory. However, Good used the remaining 50% of the E-mail to express their understanding of their certain license conditions and provided their legal standpoint "just FYI". [..]
Including here for records and/or digging into it more to determine if it warrants inclusion.