February 07, 2012 | IGSS News
Security update for SafeNet HASP
An input sanitization vulnerability exists in the SafeNet Sentinel HASP Software Rights Management (HASP-SRM) license management application, which is used by IGSS version 7.0 and above to validate and activate IGSS installations.
The vulnerability could enable an attacker to change the code in the configuration file of IGSS when using the Sentinel HASP Admin Control Center web application, more specifically:
The web application Sentinel HASP Admin Control Center, which is accessed remotely, does not sufficiently validate user input. This characteristic can allow attackers to craft and inject HTML code into the configuration file.
The vulnerability can be reproduced using Mozilla Firefox 2.0. As of this writing (November 2011), it is not reproducible with the current versions of Mozilla Firefox, Microsoft Internet Explorer, Opera, and Google Chrome.
Source:
ICSA-11-314-01: SAFENET SENTINEL AND 7T IGSS INPUT SANITIZATION VULNERABILITY
The vulnerability has been fixed, and the tested fix is generally available for download.
Learn more here.
Download the security fix here.