Multiple Vulnerabilities in BitDefender website

Status
Not open for further replies.

Viking

A security researcher from crackhackforum.com, Rynaldo, has discovered multiple vulnerabilities in one of the biggest antivirus companies, "BitDefender".

The researcher claimed that he sent several emails to BitDefender's team, but they have neither responded nor fixed the vulnerabilities.

"The website is having several reflected XSS vulnerabilities and the CSRF vulnerability. Also I have found a way to cause a DoS attack on the local server to take BitDefender temporarily down," Rynaldo said.

CSRF attack: https://my.bitdefender.com/en_us/my/#page=account.index A hacker is able to perform a CSRF attack to change the details on the user's profile. CSRF tokens aren't implemented and a password isn't required to change information on the profile.

http://www.ehackingnews.com/2013/01/multiple-vulnerabilities-in-bitdefender.html
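
The two controls the report says were missing on the profile page, a per-session CSRF token and a current-password check, sketched as an added example that is not part of the thread or of BitDefender's code. The handler name, form fields, and sample user are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed here)

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def issue_csrf_token(session_id):
    """Token bound to the session; the server embeds it in the profile form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def update_profile(session, form, users):
    """Hypothetical handler for a profile-change POST. Returns (status, reason)."""
    user = users.get(session.get("user"))
    if user is None:
        return 401, "not logged in"
    # 1. Reject requests without a token matching this session. A forged
    #    cross-site form rides on the victim's cookie but cannot read the token.
    expected = issue_csrf_token(session["id"]).encode()
    supplied_token = str(form.get("csrf_token", "")).encode()
    if not hmac.compare_digest(expected, supplied_token):
        return 403, "missing or invalid CSRF token"
    # 2. Require the current password before changing account details.
    supplied_hash = hash_password(str(form.get("current_password", "")), user["salt"])
    if not hmac.compare_digest(supplied_hash, user["pw_hash"]):
        return 403, "current password required"
    if "email" not in form:
        return 400, "nothing to change"
    user["email"] = form["email"]
    return 200, "profile updated"

# Constructed sample account and session for the example.
SALT = secrets.token_bytes(16)
USERS = {"alice": {"salt": SALT,
                   "pw_hash": hash_password("correct horse", SALT),
                   "email": "alice@example.com"}}
SESSION = {"id": secrets.token_hex(16), "user": "alice"}

if __name__ == "__main__":
    forged = {"email": "changed@example.net"}  # cross-site POST: cookie only
    print(update_profile(SESSION, forged, USERS))
    genuine = {"email": "new@example.com",
               "csrf_token": issue_csrf_token(SESSION["id"]),
               "current_password": "correct horse"}
    print(update_profile(SESSION, genuine, USERS))
```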
 
A kick in the nuts for people who bought BIS... The company cannot even protect their own site, why would it protect the users who are using it...
 
I uninstalled BitDefender Internet Security because it was blocking everything, so maybe more stuff was hacked into and not just the website. Did anyone else have problems yesterday with it?
 
Payback said:
A kick in the nuts for people who bought BIS... The company cannot even protect their own site, why would it protect the users who are using it...

That came to my mind yesterday as I installed a trial of BitDefender IS 2013. Can even create an account for it... Reverted back to a system image without it.
 