[Fixed in 2.4.2] Microsoft Windows Unquoted Service Path Enumeration

Unimus support forum
Post Reply
ablanken
Posts: 5
Joined: Fri Jun 21, 2019 12:26 pm

Wed Nov 15, 2023 9:09 pm

Hi there,

Our vulnerability scanner (Nessus) is reporting an issue with the Windows installation of Unimus as shown below:
Screenshot 2023-11-16 095834.png
Screenshot 2023-11-16 095834.png (53.44 KiB) Viewed 17777 times

Screenshot 2023-11-16 095814.png
Screenshot 2023-11-16 095814.png (37.35 KiB) Viewed 17777 times


This issue can be corrected manually via registry change as shown below (double quotes around service path) but it would be best if the installer did this by default.


Screenshot 2023-11-16 100158.png
Screenshot 2023-11-16 100158.png (6.85 KiB) Viewed 17777 times
Top
ablanken
Posts: 5
Joined: Fri Jun 21, 2019 12:26 pm

Thu Dec 14, 2023 3:55 am

After installing the 2.4 upgrade, we had to manually add double quotes around the service path.
Top
User avatar
Tomas
Posts: 1221
Joined: Sat Jun 25, 2016 12:33 pm

Thu Dec 14, 2023 4:01 am

Apologies on the delays processing this one. We have been putting all our resources into finishing 2.4, which turned out to be more work than we expected. Now that 2.4 is out, the team will investigate this one, and fix it on our end (in the Installer).

Sorry again this took so long.
Top
User avatar
Tomas
Posts: 1221
Joined: Sat Jun 25, 2016 12:33 pm

Tue Feb 20, 2024 9:50 am

ablanken wrote:
Wed Nov 15, 2023 9:09 pm
 This issue can be corrected manually via registry change as shown below (double quotes around service path) but it would be best if the installer did this by default.
Hi, just an update that we have changed / fixed this. Starting with 2.4.2 (coming out before the end of February), the installer will enquote the ImagePath.
Top
ablanken
Posts: 5
Joined: Fri Jun 21, 2019 12:26 pm

Tue Mar 05, 2024 8:59 am

That's great - thanks for the update!
Top
Post Reply

Return to “Support”