Reprise Software Refuses to Patch Vulnerability in Reprise License Manager

Repeat Software has declined to fix the issue in its Reprise License Manager (RTM) which has been identified by SpiderLabs at Trustwave.

Identified by security specialist, Adrian Pruteanu, the issue occurs by running on the non-standard port 5054 where of course RLM’s web server does not require verification. Assailants can determine a personal permit record on the server to peruse and change which could bring about data spillage or remote code execution utilizing the transfer of malware.

Pruteanu said that amid an ongoing infiltration engagement, he ran over an especially intriguing web application called RLM, running on the non-standard port 5054. This frequently got his attention. After a touch of jabbing around, he could recognize a basic defenselessness which enabled him to execute code on the server, in the long run prompting full space trade-off.

He proceeded with that lamentably, regardless of my earnest attempts, the seller has declined to issue fixes as they don’t trust these discoveries to be vulnerabilities.

In its reaction to Trustwave, Reprise composed: they advise end clients not to run the RLM server – which executes the web server – in advantaged mode. There is no reason it needs to keep running with hoisted benefits. The permit and alternatives record editors in the web interface are not any more perilous than Notepad or Wordpad.

The vulnerability was reported to Reprise on May 16, 2018, with the seller ending correspondence on May 29.

Leave a Reply

Disclaimer: is an independent technical support service provider for McAfee products. We are a independent support specialist organization for software related issues in portable PCs, desktops, gadgets and peripherals. Utilization Of McAfee Name, logo, trademarks and its images is just for reference and not the slightest bit propose that has any business relationship with McAfee. McAfee trademarks, names, logo and images are the property of their separate proprietors. We holds no affiliation or association with any of these brands or outsider organizations and exclusively offer help benefit for the item issues confronted by clients. On the off chance that your product is under warranty, you may get free support service from the brand proprietors.