[VIM] Vendor dispute - CVE-2006-1050 (Kwik-Pay)
Steve Tornio
steve at vitriol.net
Thu Feb 15 22:35:02 EST 2007
Sullo wrote:
> And secondly, if
> the Kwik-Pay person's goal is to keep the issue hush-hush and get it off
> the internets, I wonder if he's noticed the VIM archives over on
> attrition.org... :-)
>
>
I've actually had a little bit of an email exchange, and he's a lost
cause. Somehow, the fact that OSVDB included the filename of the
default database as a vector is a cardinal sin, and horrifyingly
inaccurate, but databases existing unencrypted and available to any
local user isn't a big deal. So, I modified the entry to be more like
Secunia, and state that all databases are trivially available, and
that's somehow better in his mind.
Oh well, he also said I need to find a more productive use of my time.
Like not continuing my discussion with him, I think :)
Steve
More information about the VIM
mailing list