Rank: Newbie Groups: Member
Joined: 3/19/2020 Posts: 5
Hi,
We recently upgraded our EO.WebBrowser for .NET from version 17.0.40 to version 22.1.67. After doing this, our corporate Veracode security scan is flagging the eo.base.dll library as having two very high security flaws.
a] string ancs(string, string)
b] void kchp(int, bool, tsbo_tscf_tscj.uwul_tscf_tscj)
Is this a known issue? Do you have any plans to fix these security flaws? Do you have any estimate when a fix would become available?
Thanks, Gregory Riggs
Rank: Administration Groups: Administration
Joined: 5/27/2007 Posts: 24,217
Hi,
These two methods are safe. They are to support our built-in diagnostic features. One works with a "custom test", which is a special exe file that we will have to provide to you to run on your computer (in order to troubleshoot a problem), the other works with our DebugTools.exe (which is not distributed with your application) to collect thread information when you are in an active remote debug session with us. So you can safely ignore these warnings.
Thanks
Rank: Newbie Groups: Member
Joined: 3/19/2020 Posts: 5
Hi,
Thank you for the reply. Could you please tell me:
1] Are there any protections to prevent a bad actor from taking advantage of these back door processes?
2] What specific things can these two methods do?
Thanks, Gregory Riggs
Rank: Administration Groups: Administration
Joined: 5/27/2007 Posts: 24,217
These are not back doors. They are simply methods that will never be used in a production environment. Even if someone somehow manages to call those functions, there is nothing for them to take advantage of. The first function calls our custom test exe module, similar to Process.Start. If they already have an exe file on your system they do not have to go through all the trouble to call it through our method, they can just call Process.Start. The second function collects call stack information for debugging purposes. It just collects information. It does not do any harm to your system.