Where to report vulnearbilities?



  • On 28/05/2018 at 02:44, xxxxxxxx wrote:

    Hello PluginCafe,

    so yesterday I was thinking about how I could make my plugins more secure. 
    After a while I got to the exact opposite where I tried to "crack" my own plugin to see how secure they where. And I found a major vulnearbility within Cinema4D. With that I mean that I was able to get the complete source-code of a encrypted python plugin.
    I won't go into detail now, for obvious reasons, but what I want to know is where to report such cases to?

    The normal Maxon support? 
    Or is there a specific place to report to? Since it is largly plugin related I thought I ask here.

    Best regards, 
    Florian



  • On 29/05/2018 at 06:56, xxxxxxxx wrote:

    Hello Florian,

    as our user documentation mentions, the source protection is not a 100% secure encryption. To quote the docs: "It offers low-level protection, which can be circumvented by those with corresponding technical know-how."
    That said, you may still have found an undesired issue. In this case feel free to simply write us an email (sdk_support@maxon.net) describing the issue in more detail.


Log in to reply