bypassing password function in the program, and killing function(s)

Blasterbuster
edited May 2017 in Vulnerability


I can turn autopilot off without the need to type in my password. (And I have activated my password function!)


The trick that can do this is just by hitting the paranoid switch to 'on'. This on goes to 'off' 2 sec later, but ALSO resets the autopilot to 'off'!


Now both paranoid+autopilot are OFF. This cannot be good.


I think bypassing password functions like this to adjust important settings is not good.


Maybe this trick goes for lots of functions (I only checked this one). That would mean that anyone making a 'push paranoid-switch' macro (click on icon in tray, then (after coding the Bitdefender page to be opened full screen, or on place 'A', or knowing where/how big it always opens on a/the pc) go to place mouse position 'x', click there, then go to coordinate 'y', click there, and the switch was turned) can kill one/some password-needed function(s) without needing to type passwords.




*Coding mouse to click on logical places/coordinates is not hard. There are only so many places an opened bitdefender's screen can be, therefore only so many places where the menu buttons are. Going to all these possible places and letting the mouse click=activating bitdefender menu options, and pushing buttons in it.


With the above example I can kill certain mechanics inside BitDefender while not having to use passwords.


 


The way to make sure if mouse clicking on stuff is actually someone clicking a mouse is by doing a USB mouse activity check. No current/activity from physical mouse on things passwords need=interloper. (Beware that joystick games macro might involve using mouse coordinate code, like the code I made for my T16000M joysticks in T.A.R.G.E.T. software, so not all mouse code will mean evils are doing stuff on the pc. Macro program executing mouse code should be in the trusted department inside BD... unless trying to do stuff needing BD passwords ofc. A popup telling that software tries to move the mouse will work. Gamers can then say they are doing it themselves at that time. Hackers can ofc hack/use used gaming-macro programs so beware of putting it at 'trusted programs'. Hackers count on peeps putting things in the 'trusted' place. No more checks=I can do what I want now.)
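
Added example, not part of the original post and not Bitdefender code: a small constructed model of the reported behaviour next to a hardened form, where the password check sits on the protected setting itself so that a side effect of another switch cannot change it. The class, method and setting names are hypothetical, and which settings are protected is an assumption taken from the post.

```python
# Constructed model, not Bitdefender code. All names here are hypothetical.
class Locked(Exception):
    """A password-protected setting was written without the password."""


class Settings:
    PROTECTED = {"autopilot"}  # assumption: autopilot needs the password

    def __init__(self, password):
        self._password = password
        self.state = {"autopilot": True, "paranoid": False}

    def _write(self, key, value, password=None):
        # Single choke point: the check sits on the setting itself, so it
        # applies to direct changes and to side effects of other switches.
        if key in self.PROTECTED and password != self._password:
            raise Locked(key)
        self.state[key] = value

    def paranoid_on_vulnerable(self):
        # Reported behaviour: the switch handler touches autopilot directly.
        self.state["paranoid"] = True
        self.state["autopilot"] = False  # side effect, no password asked
        self.state["paranoid"] = False   # switch falls back to off

    def paranoid_on_hardened(self, password=None):
        before = dict(self.state)
        try:
            self._write("paranoid", True, password)
            self._write("autopilot", False, password)  # gated like a direct change
        except Locked:
            self.state = before  # refuse the whole action, change nothing
            raise


def demo():
    vuln, hard = Settings("constructed-pw"), Settings("constructed-pw")
    vuln.paranoid_on_vulnerable()
    try:
        hard.paranoid_on_hardened()  # no password supplied
        rejected = False
    except Locked:
        rejected = True
    return vuln.state, hard.state, rejected


if __name__ == "__main__":
    print(demo())
```

With the check on the write path, it no longer matters whether the click came from a physical mouse or from a macro: the protected setting only changes when the password is supplied.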