PwC Sends 'Cease And Desist' Letters To Researchers Who Found Critical Flaw by Zack Whittaker
ZDNet.com, SECLISTS.org, ESNC News  ISBN/ITEM#: CM161221DESIST
Date: 21 December 2016

Links: ZDNet.com Article / SECLISTS.org Security Advisory / ESNC Security Advisory

We really don't understand the actions of auditing and tax giant PwC, which, upon being informed of a remotely exploitable bug in a security tool by a security research firm, inexplicably turned around and threatened legal action against Munich-based ESNC.

From release/information:

The researchers disclosed details of the flaw, despite receiving two written legal threats.

A security research firm has released details of a "critical" flaw in a security tool, despite being threatened with legal action.

Munich-based ESNC published a security advisory last week detailing how a remotely exploitable bug in a security tool, developed by auditing and tax giant PwC, could allow an attacker to gain unauthorized access to an affected SAP system.

The advisory said that an attacker could "manipulate accounting documents and financial results, bypass change management controls, and bypass segregation of duties restrictions," which could result in "fraud, theft, or manipulation of sensitive data," as well as the "unauthorized payment transactions and transfer of money."

An attacker could also add a backdoor to the affected server, it read.

The researchers contacted and met with PwC in August to discuss the scope of the flaw.  As part of its responsible disclosure policy, the researchers gave PwC three months to fix the flaw before a public advisory would be published.

Three days later, the corporate giant responded with legal threats.

(Source: ZDNet.com, SECLISTS.org, ESNC)

© 2002-2017TechRevu
