The exposed server contained the company’s downloadable software — including a code-signing certificate.
By Zack Whittaker for Zero Day |
Keeper, an embattled password manager maker currently suing a news reporter for defamation, left a server hosting the company’s installer files exposed with full permissions, allowing anyone to access and replace files with malicious content, a security researcher told ZDNet.
Chris Vickery, who found the exposed server, immediately notified ZDNet of the exposure. We reached out to Keeper by phone and email on Friday. Within an hour of disclosure, the server had been secured.
Powered by WPeMatico