-----BEGIN PGP SIGNED MESSAGE----- On 12/7/01, an e-mail was sent to 7 different address @ Centra, four of these e-mail addresses were obtained directly from Centra's website; the remaining three addresses, taken from RFP's Policy, were added for completeness. On 12/17/01, ten days later, without a response from Centra, the posting was submitted to VulnWatch, BugTraq and NTBugTraq. The vulnerability described in the original posting is contained in the version available for download their website. Per Centra's response, they have chosen not to temporarily remove it until a fix is available. Anyone evaluating this software may install a vulnerable version and it is, therefore, highly recommended that you consider postponing any evaluations, and purchase decisions until Centra has made a non-vulnerable version available for download. ...And you've ascertained whether or not they have actually fixed it. As I'm sure you all know, one of the reasons vulnerability announcements are made is to test a company's effectiveness at dealing with security issues, one can learn a lot about how well you'll be supported this way. -----BEGIN PGP SIGNATURE----- Version: Hush 2.1 Note: This signature can be verified at https://www.hushtools.com wlsEARECABsFAjwrqvgUHHplZGZseUBodXNobWFpbC5jb20ACgkQUqpz3LoqFkl8dACe KyJM7lptQGnO3+8ICPj2KdBhQhkAoIxQlpP4zlW3cJspfxkt33oWGbR3 =IWEc -----END PGP SIGNATURE-----
