Notified:  September 06, 2013 Updated: October 16, 2013

Status

Affected

Vendor Statement

Personal data security is extremely important to our company and we work continually to improve our product line.  In our release 8.0 product, available November 2013, we have made it significantly more complex to decrypt the password. The ODBC connection string in the registry file will be deleted and replaced with a new key with an encrypted string containing a number of different items. This new key would not be as easily identifiable and would contain items not associated with the application. The encryption key is created using an info:HR-created internal key that would be translated using the algorithm discussed in my previous email to create this registry key. The internal key is imbedded into the source code and is not stored anywhere in the application. Without knowledge of our internally-created key, the algorithm method used and the exact info:HR items contained in the string, decrypting the string would be very difficult.  All current support customers will be notified via email when this release is ready to be downloaded. Additional queries can be directed to Jerry Rowland, Chief Technology Officer or Andy Staniewski, President.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

• http://infohr.net/