Talk:Ivanti

I read the last comment about the "big-brotherism" syndrome as a "desktop management" problem rather than an "only LANDesk" problem. I believe this should be cut from this page and pasted into a generic page talking about this market.

Articles for deletion/LANDesk
Result of AfD discussion was Keep. The person closing the discussion didn't get rid of the AfD template here so I removed it. Crypticfirefly 05:55, 27 February 2007 (UTC)

External links modified
Hello fellow Wikipedians,

I have just modified one external link on LANDESK. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
 * Added archive https://archive.is/20120710210645/http://infoworld.com/article/06/04/27/77825_HNavocentbrief_1.html to http://infoworld.com/article/06/04/27/77825_HNavocentbrief_1.html

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

Cheers.— InternetArchiveBot  (Report bug) 07:38, 14 December 2017 (UTC)

Incorrect logo on page
The Wikipedia page as of now is using the logo from LANDesk and not Ivanti's new logo; we need to get that changed.

New breach caused by 2 zero-day CVEs found in two products

 * https://attackerkb.com/topics/AdUh6by52K/cve-2023-46805/rapid7-analysis
 * https://www.aktuellsakerhet.se/flera-stora-svenska-verksamheter-hackade-via-ivantis-sarbarhet/
 * https://www.helpnetsecurity.com/2024/01/16/ivanti-vpn-compromised/

Multiple large Swedish companies have been affected according to the second link. 1700 devices have been compromised according to the 3rd link.

“Victims are globally distributed and vary greatly in size, from small businesses to some of the largest organizations in the world, including multiple Fortune 500 companies across multiple industry verticals.”

Popen is a well-known security risk.

This breach seems entirely caused by the absence of any sanitization of input that comes from the user, which is really basic web security. Never trust the user (there is even an XKCD comic on the subject).

Also, running your homemade C++ web server anywhere is a pretty bad idea.

Where are the public reports of pentesting? Such testing would most probably have unearthed these vulnerabilities very easily, especially if the red team had been given access to the Python code in question.

I'm surprised that anyone would pay for or use this product without documentation of proper security review by an external expert that is trusted. So9q (talk) 10:28, 22 January 2024 (UTC)


 * If they had used the security linter bandit during development, it would have issued a big fat warning for every Popen call. So9q (talk) 10:37, 22 January 2024 (UTC)
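
To illustrate the kind of static check referred to in the comments above, here is an added example that is not part of the discussion and is not bandit's own code: a small `ast`-based scan that flags every `Popen` call and rates it by whether `shell=True` is set and whether the command contains run-time values. The sample source, the function names and the severity labels are constructed for this example, and only a literal `shell=True` is recognised.

```python
import ast

# Constructed sample to scan; not code from any real product.
SAMPLE = '''
import subprocess
from subprocess import Popen

def ping(host):
    return subprocess.Popen("ping -c 1 " + host, shell=True)

def uptime():
    return Popen(["uptime"])

def lookup(name):
    return subprocess.Popen(["nslookup", name])
'''

def _is_popen(func):
    """Match `Popen(...)` and `<module>.Popen(...)`."""
    return "Popen" in (getattr(func, "id", None), getattr(func, "attr", None))

def _is_literal(node):
    """True for a string constant or a list/tuple made only of them."""
    if isinstance(node, ast.Constant):
        return isinstance(node.value, str)
    if isinstance(node, (ast.List, ast.Tuple)):
        return all(_is_literal(e) for e in node.elts)
    return False

def scan_popen(source):
    """Return sorted (line, severity, reason) for each Popen call."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and _is_popen(node.func)):
            continue
        kwargs = {kw.arg: kw.value for kw in node.keywords}
        cmd = node.args[0] if node.args else kwargs.get("args")
        shell = kwargs.get("shell")
        uses_shell = isinstance(shell, ast.Constant) and shell.value is True
        dynamic = cmd is None or not _is_literal(cmd)
        hit = ("INFO", "literal argument list")
        if uses_shell and dynamic:
            hit = ("HIGH", "shell=True with a command built at run time")
        elif uses_shell:
            hit = ("MEDIUM", "shell=True with a literal command")
        elif dynamic:
            hit = ("LOW", "argument list contains run-time values")
        findings.append((node.lineno, *hit))
    return sorted(findings)
```

Every call is reported, so a reviewer sees the full set of process-spawning sites, with the string-concatenated `shell=True` call ranked highest.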

As there has been another massive security breach, CISA has ordered the US administration to shut down their systems on short notice, and the German BSI is issuing massive warnings... shouldn't this be mentioned in the article??? BR, Oliver — Preceding unsigned comment added by 91.217.145.35 (talk) 14:13, 2 February 2024 (UTC)