Thank for your response again. The lem update issue is a problem because most infrastructure engineers dont know how to patch it because the product falls out of the normal patch cycle, they cant manage it as solarwinds has not given that option for them to do so. You digress from the points. If the client is on LEM 6.0 and dont want to upgrade the product because they are afraid of your bugs but want to patch the OS, they cant making it a security issue that solarwinds has control over. You have not answered my issue of the plain text syslog which can be exported out of the appliance with relative ease and expose the clients network and be sold for profit. You were the individual who brought up hacking in the first place but yet you refuse to accept potential threats. Personally in the real world i have seen this happen for myself and by the time the organisation in question could do anything about it, it had destroyed the domain controller, taking out the network, so how is an alert going to help.
In your initial point as designed by solarwinds, the clients should not have access to the physical system so i think they will be surprised. Only solarwinds has the sudo for this but anybody can access it without your sudo. That is why they would be surprised.
I am going to refrain from posting anything to do with patches for debian because i knew from the getgo that it was your intention to catch me out and last time i checked i did not fall off the back of a lorry.
Yes but you outlined a way of hacking LEM!!!! Its concerning that as a solarwinds representative you would do that to be honest and you are belittling it and not taking anything seriously about the feedback I dont know what started your thought process in relation to hacking but it was just plain silly really and undermines the hard work done by the developers. I think its disrespectful to be honest and to all engineers out there who work with this product, terrible attitude.
You could be spending your time now networking with developers in fixing the the vulnerabilities instead of chatting to me now.