Sunday, May 24

Exploit

Exploit, Software

Kayako Fusion Exploit uncovered CRITICAL

Recently I noticed in testing the Kayako Live chat and support software labeled as Fusion (most current version) has an exploit. In lengthy chat conversations with their tech teams, they have classified this exploit as a "optional feature" missing from the current version. They sent me to this developer link. Hmm. Here's the scenario. You have a current protected knowledgebase of information, available only to paying customers. Customers that you have to whitelist or allow as registered users. You also use their mail parser mechanism for parsing emails from customers (and all others). To exploit the passworded and [level-premier-free]permissioned knowledgebase, one only needs to send an email to one of any potential parsed domains (parsed via Kayako Fusion) and you are automatically whi...
Exploit, Software

Kayako Fusion parser error Invalid Data Provided

Kayako Fusion parser error is discussed here which should help those who are having the same issue with Kayako. We have been using Kayako Fusion for several years now and are a very dedicated and participatory customer of Kayako.  Recently we noticed a bunch of emails that were being rejected in the parser as "Invalid Data Provided".  Googled for a great deal of time and could not locate the culprit.  In making changes, I would reprocess the email to see if it would reset. One thing that I did, in migrating from an earlier version of SupportSuite, the software created another Template Group.  I deleted the template group that was from the older version and tweaked the default with necessary customizations.  That broke it and caused the parser error Kayako's Fusion keeps the parser...