Clop seems to be on a roll, first with GoAnywhere and now with Moveit

  • argv_minus_one@beehaw.org · 3 upvotes · 1 year ago

    Yet another proprietary security solution turns out not to have been as secure as advertised, and it’s easy to see why: companies that sell software are motivated not to make it secure, but to develop it as quickly as possible with as few developers as possible and then add as many features as often as possible.

    • TribesmanJohn@beehaw.org (OP) · 2 upvotes · 1 year ago

      https://community.progress.com/s/question/0D54Q0000AL2k8jSQB/moveit-transfer-critical-vulnerability-may-2023

      I agree there should perhaps have been better controls in place to check for SQL injection vulnerabilities, and that yeah, some businesses try hard to maximise profits, but I would also say that developers are not infallible :)

      Without seeing anything standing out on their website, I think this does show the importance of getting your product regularly security audited by an external, third party :)

      • argv_minus_one@beehaw.org · 5 upvotes · 1 year ago

        SQL injection? Oh, good grief. Here I was assuming it was some subtle bug, like use-after-free or using a cryptographic primitive slightly wrong—an honest mistake made by a developer who’s working too hard. But SQL injection vulnerabilities are the result of doing something we’ve been taught for decades to never do, so I can’t imagine any excuse for this.
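The two comments above talk about SQL injection as a well-understood bug class and about having controls that catch it. The following is an added illustration written for this page, not code from the thread or from any MOVEit component: it runs the same lookup against a constructed in-memory SQLite table once with the query text built by string concatenation and once with a bound parameter, and it includes a small, heuristic source-scanner of the kind a review pipeline can use to flag string-built SQL. The table contents, the `INJECTION_INPUT` value and the `SAMPLE_SOURCE` lines are all constructed for the example.

```python
import re
import sqlite3

# Constructed sample database (not from the thread): three users, one admin.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def lookup_concatenated(conn, name):
    # VULNERABLE: the caller's input is spliced into the SQL text, so the
    # input can alter the structure of the statement, not just a value.
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql).fetchall()]


def lookup_parameterized(conn, name):
    # SAFE: the value is bound by the driver and never parsed as SQL, so the
    # same input is compared literally against the name column.
    sql = "SELECT name, role FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,)).fetchall()]


# Constructed test input: a textbook value that closes the quoted string and
# appends an always-true condition when it is concatenated into the query.
INJECTION_INPUT = "x' OR '1'='1"


def demo():
    """Run both lookups with an honest name and with the test input."""
    conn = make_db()
    return {
        "honest_concat": lookup_concatenated(conn, "bob"),
        "honest_param": lookup_parameterized(conn, "bob"),
        "hostile_concat": lookup_concatenated(conn, INJECTION_INPUT),
        "hostile_param": lookup_parameterized(conn, INJECTION_INPUT),
    }


# Heuristic control for code review / CI: flag execute() calls whose first
# argument is an f-string or a string literal followed by "+" or "%".
# This is a simple pattern match, not a parser, so it will miss cases such as
# .format() or queries assembled on an earlier line.
SQL_BUILD_PATTERN = re.compile(r"""execute\(\s*(f["']|["'][^"']*["']\s*(\+|%))""")

# Constructed sample source lines to scan.
SAMPLE_SOURCE = [
    'cur.execute("SELECT * FROM t WHERE id = " + user_id)',
    'cur.execute(f"SELECT * FROM t WHERE id = {user_id}")',
    'cur.execute("SELECT * FROM t WHERE id = %s" % user_id)',
    'cur.execute("SELECT * FROM t WHERE id = ?", (user_id,))',
]


def flag_string_built_sql(lines):
    """Return the indices of lines that appear to build SQL from strings."""
    return [i for i, line in enumerate(lines) if SQL_BUILD_PATTERN.search(line)]


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
    print("flagged source lines:", flag_string_built_sql(SAMPLE_SOURCE))
```

With the honest name both lookups return only `bob`; with the test input the concatenated version returns every row, including the admin, while the parameterized version returns nothing because no user is literally named `x' OR '1'='1`. The scanner flags the first three sample lines and leaves the parameterized fourth one alone.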