Re: Avid DUC not secure?
I explained enough issues. You don’t think it’s an issue, too bad. I don’t know any security person who would think this is not an issue worth fixing.
Want to guess how many Avid staff might reuse passwords or slight permutations on DUC and Avid in-house systems? Want to guess if they have a corporate password management system or hardware key/2FA authentication implemented for internal systems? Oh what goodies that might reveal?
Want to think what could happen if somebody MITM attacks and gets admin access to DUC and all the non-public info is scraped?
Security happens in layers, https is one of those important layers.
|