Nessus Scan reports service with untrusted path


#1

When performing a Nessus security/penetration test on the server which has SLQBackupFTP installed, the scan reports a potential vulnerability with a service that contains a ‘space’ in the path.

Nessus found the following services with an untrusted path :
SQLBackupAndFTP Client Service Watchdog : C:\Program Files (x86)\SQLBackupAndFTP\SqlBak.WatchDogService.exe
SQLBackupAndFTP Client Service : C:\Program Files (x86)\SQLBackupAndFTP\SqlBak.Service.exe

Per their recommendations (found at http://www.nessus.org/u?84a4cc1c), I am passing this along to the development team so that it can be addressed in future versions.
Ensure that any services that contain a space in the path enclose the path in quotes.


#2

Hi Michael_O_Connor,

Thank you for the issue reporting. Please give us some time to check this case.

Sorry for the inconvenience.


#3

Hi Michael_O_Connor,

This issue has been fixed. The fix will be available in the next release.

Sorry for the inconvenience.