SQL Monitor Security Vulnerability

jstrate · October 16, 2018 2:52PM

We received an email today regarding a security vulnerability in SQL Monitor. Based on the email design, it looks like a phishing attempt. If this does exist, can someone point me towards documentation on the issue?

RavishingR · October 16, 2018 3:03PM

After looking around I followed the link to here:
https://www.red-gate.com/products/dba/sql-monitor/entrypage/security-vulnerability-october-2018?_hsenc=p2ANqtz-97lQw3tt0suK3nMLAp3VN8zzIu5Ct1J7DDYs05efPgPd4NVY3JSuZPbj02ZVKN6D94EWGgvdIJsaRapf4T1Dp9lMqotp8yO5bWEpDt2GbGSDe4Hs4&_hsmi=66718880
It was definitely bad practice hiding a download link behind a sketchy looking url router like "Hub Spot Email". The email should have said to go to the website and find it yourself.

webpursuits · October 16, 2018 2:54PM

I received the same...legit?

jeffchirco · October 16, 2018 2:56PM

I received as well and I agree the email looks like a phishing attempt. I forwarded it to my rep. Glad I wasn't the only one to think this.

Russell D · October 16, 2018 3:05PM

The announcement is legitimate.

DarienA · October 16, 2018 3:07PM

Came to search for this very topic, this email looks sketchy as heck, I'll be emailing my sales rep to point out the issues with it.

mikewerts · October 16, 2018 3:12PM

This is indeed legit. The following link show upgrade notes for 8.0.19 but doesn't mention security...

https://documentation.red-gate.com/sm8/release-notes-and-other-versions/sql-monitor-8-0-release-notes?_ga=2.104009344.1887869072.1539701317-1721444002.1519999268

jeffchirco · October 16, 2018 3:15PM

Pretty funny that the vulnerability is about being tricked into visiting a malicious link but that is exactly what the email wanted us to do.

TMowbray · October 16, 2018 3:17PM

Can someone from RG comment as this looks really odd and I have logged it with our service desk as a phishing attempt. The from is supposedly CEO Tony Payne, yet your site info has another name....I too looked at the hubspotemail as a funny address to follow, same for the link that was supposedly to your site. This needs to be officially corrected before I will believe it.

BryanEargle · October 16, 2018 3:23PM

Agree it's weird, looks like the release notes now mention the security fix - guess it was added after release notes were originally posted?

Alex B · October 16, 2018 3:35PM

Hi all,

Yes, the links are legitimate - as @Russell D above indicates - they are going through our hubspot which makes these somewhat unsavory looking links. The links posted above are direct to the pages themselves and are where the hubspot links are directed.

The email is from Tony Payne COO (Chief Operations Office) which is correct; Simon Galbraith is the CEO.

We agree that the links look extremely suspicious (especially given the circumstances) and we have fed this back to our internal teams.

Also, the release notes have just been updated with the extra information now that the email has been released as seen above.

My apologies for the confusion and scare!

Kind regards,
Alex

kfrazier · October 16, 2018 3:40PM

I emailed my rep last week due to receiving an email from with hubspotemail link. I think they are using hubspot as a marketing tool to track clicks. This is shady and I refuse to click on these links. I have to manually find the answers. I think it is a very poor decision on red-gate's part as everyone is getting training not to click on links like this and companies are doing test to see who does click on links like this and sending them for training or discipline. If anybody of any power is reading this please stop this is a very poor practice.

jeffchirco · October 16, 2018 3:47PM

I agree kfrazier. We do the same training here.

Sian · October 16, 2018 3:59PM

Does anyone know in what version of SQL Monitor this security vulnerability was introduced?

DarienA · October 17, 2018 9:38AM

This is the email I sent to my sales rep today:

Hey William I received this email today and to my eye it looks very suspect. I did find confirmation on your website that it is legit: https://www.red-gate.com/products/dba/sql-monitor/entrypage/security-vulnerability-october-2018?_hsenc=p2ANqtz-97lQw3tt0suK3nMLAp3VN8zzIu5Ct1J7DDYs05efPgPd4NVY3JSuZPbj02ZVKN6D94EWGgvdIJsaRapf4T1Dp9lMqotp8yO5bWEpDt2GbGSDe4Hs4&_hsmi=66718880&_ga=2.130576393.783027082.1539702323-301011559.1538759718

But let me point out some concerns:

No company logos in the email
Generic formatting
No email disclaimers (which some company’s include in their emails)
None of the url’s in the email when viewed actually point back to red-gate.com.

Now when looking at the header information it does look this came from your email servers and I did find in your support forums conversations about the email which directed me to the above url.

While the below email is personalized with my name that could simply be a case of your customer db being compromised (which thankfully isn’t the case here).

I hope that you folks will give more thought into how your format these types of notifications going forward.

Markus · October 17, 2018 4:38PM

I upgraded to 8.0.19 late yesterday after it was confirmed that this was legit. Running fine here.

Russell D · October 18, 2018 2:20PM

Sian said:

Does anyone know in what version of SQL Monitor this security vulnerability was introduced?

Since it's been a web-app, so v1.0 of SQL Response, as it was back then.

SQL Monitor Security Vulnerability

Best Answer

Answers

Product Learning

Community Forums

Events & Friends

Simple Talk