[VIM] Vendor dispute - CVE-2006-1050 (Kwik-Pay)

Steven M. Christey coley at linus.mitre.org
Thu Feb 15 00:45:45 EST 2007


Oh yeah, Gadi/Aviram - Brian and I have adopted an informal policy of
stripping out vendor email addresses for disputes, since some might be
private.

CVE has no opinion on this dispute.

- Steve

---------- Forwarded message ----------
Date: Thu, 15 Feb 2007 14:15:27 +1000
From: Kwik-Pay Support
To: cve at mitre.org
Subject: CVE-2006-1050 (under review)



It has just been brought to our attention that you have created this 'security
problem' regarding our software.
Why is it that no-one from your organisation contacted us prior to publishing that
information or even since?
The kwikpay.mdb file supplied with kwikpay is a template for the database
structure of user databases created by kwikpay and to store a demonstration
payroll. It does not contain any sensitive user information.
When a user payroll database is opened, the encryption of the database is
checked and if the database is not encrypted, the user is prompted to encrypt
the database, but the choice is the customer's. Data in the database is intended
to be accessible to the user for other applications such as Excel. It is
entirely the user's choice as to whether they enforce security. The data belongs
to them, not kwikpay.
Please update your notice to indicate that no problem exists.
Alastair Robertson




