bit-tech.net

Nvidia downs customer service portal over SAP bug

Nvidia downs customer service portal over SAP bug

Nvidia has been forced to disable access to its NVCare customer service portal, following the discovery that it was vulnerable to a serious three-year-old software vulnerability.

Nvidia has been forced to disable access to its customer service portal following the discovery that it was vulnerable to a three year old vulnerability in its back-end software.

The NVCare website, used for customer support and warranty claims, has been deactivated by Nvidia following the public disclosure of a vulnerability in its back-end platform on the Full Disclosure mailing list earlier this week. According to the poster, identified only by the alias Finger, the bug was first reported to Nvidia on the 21st of November but with no response prior to the public release of the details.

Embarrassingly for the company, the flaw highlighted in the report was not a new one: the vulnerability in SAP's NetWeaver software was patched by the company around three years ago, but Nvidia appears to have neglected installing updates on the platform for at least that long. The flaw was rated as significant by the company, allowing a remote attacker to create a new administrative user and assume full control over the server - including the ability to access customer data.

That, Nvidia claims, has thankfully not happened. 'At this point, we have no evidence that customer data was compromised,' claimed Nvidia's Bob Sherbin in an email to Techworld regarding the flaw. 'We are continuing to investigate the matter.'

At present, the portal - normally accessible at nvcare.nvidia.com - is still inaccessible, with no date provided for its restoration.

1 Comment

Discuss in the forums Reply
Corky42 9th January 2014, 11:58 Quote
Yet another example of why its reckless to trust company's with your personal details.
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums