Bentley Communities
Bentley Communities
  • Site
  • User
  • Site
  • Search
  • User
ProjectWise
  • Product Communities
ProjectWise
[Archived] Project Review Forum Critical software security bug in at least two Bentley products
    • Sign In

    • State Verified Answer
    • Replies 4 replies
    • Subscribers 12 subscribers
    • Views 2720 views
    • Users 0 members are here
    • Bentley Navigator
    • Bentley View
    • security bug
    • Navigator

    Critical software security bug in at least two Bentley products

    Richard
    Offline Richard over 7 years ago

    Whilst doing some research I have discovered a software security bug in Navigator that is also present in Viewer and could be in other products. I attempted to use the form www.bentley.com/.../contact-us-form to submit some details and ask for someone to get in contact with me but the page seems to be broken. Can someone please contact me on here ASAP regarding this.

    Thanks

    • Sign in to reply
    • Cancel
    • Louis Nadeau
      0 Offline Louis Nadeau Thu, May 26 2016 1:00 PM

      First, I’d like to thank you again for your security report; it is greatly appreciated. We investigated the information you sent and found the root cause of the crash in our code. We will correct this as soon as possible. However, it is important to understand that even though a crash is possible, it is not a security issue because the crash is not exploitable.

      If you find other issue like this in the future do not hesitate to report them to us. Thanks.

      [EDIT] At the bottom of the Trust Center page we added instruction for security researchers about security vulnerability reporting : https://www.bentley.com/en/trust-center 

      Answer Verified By: Louis Nadeau 

      • Cancel
      • Vote Up 0 Vote Down
      • Sign in to reply
      • Verify Answer
      • Reject Answer
      • Cancel
    • Paul Johnson
      0 Offline Paul Johnson Thu, May 12 2016 3:29 PM in reply to Richard
      I sent you a message


      This is a test

      • Cancel
      • Vote Up 0 Vote Down
      • Sign in to reply
      • Verify Answer
      • Cancel
    • Richard
      0 Offline Richard Thu, May 12 2016 3:24 PM in reply to Paul Johnson
      Thank you Paul - I have sent an email, but I received the following auto-response:

      "Important announcement from BENTLEY SUPPORT

      Thank you for contacting Bentley Support. We only accept emails that reference an existing Service Request (i.e. email subject: {SrvReqNo:[xxxxxxxxxx]} -- exact format required)."

      How shall we proceed?

      Best Regards,
      Richard

      @dickveal

      • Cancel
      • Vote Up 0 Vote Down
      • Sign in to reply
      • Verify Answer
      • Cancel
    • Paul Johnson
      0 Offline Paul Johnson Thu, May 12 2016 9:37 AM
      Good morning Richard,
      If you can send an email to support@Bentley.com with some details regarding your findings, I will have someone from our team work with you to investigate those security concerns.
      Thank you,
      ~Paul


      This is a test

      • Cancel
      • Vote Up 0 Vote Down
      • Sign in to reply
      • Verify Answer
      • Cancel

    Communities
    • Home
    • Getting Started
    • Community Central
    • Products
    • Support
    • Secure File Upload
    • Feedback
    Support and Services
    • Home
    • Product Support
    • Downloads
    • Subscription Services Portal
    Training and Learning
    • Home
    • About Bentley Institute
    • My Learning History
    • Reference Books
    Social Media
    •    LinkedIn
    •    Facebook
    •    Twitter
    •    YouTube
    •    RSS Feed
    •    Email

    © 2023 Bentley Systems, Incorporated  |  Contact Us  |  Privacy |  Terms of Use  |  Cookies