Fix Incredibly Lax Security in Update Software For Mac

First, I love the product, so this is not a knock on the product. However, as an IT professional, software developer and conscious of security concerns, I see a serious security flaw in your software used to update the firmware. With no other hardware product I have ever purchased have I had to give the update software my administrator password information. Worse, the software retains the password over time. Worse, when launching the software, while I can't copy it, I can determine the true length of the password. Unforgivable is that you store the password unencrypted in the application file "SENABluetoothDeviceManagerArchive/SENABluetoothDeviceManager.sbdmconf". I can quite literally open this file in a text editor and see the stored ADMINISTRATOR password.  This is for the MAC version of your software, I intend to see if your Windows version has the same incredibly lax security. 

I would strongly recommend you consider this a serious security issue and update the software to update the firmware immediately or recommend users do what I did which is...

1. Changed my administrator password to something else temporarily to run the software.

2. Ran the software to update the firmware.

3. Deleted the software completely from the Application directory and emptied my trash

4. Changed my administrator password after installing the software.



Please sign in to leave a comment.