Datto Scrambles To Fix System Vulnerabilities, Spars With Continuum Over Disclosures
Datto, the IT business management and continuity services provider, hustled this week to address two security vulnerabilities in the vendor's data protection agents. That's problem enough, but Datto also found itself in a spat with rival Continuum over disclosure of the vulnerabilities.
Datto said the vulnerabilities in its system could allow a rogue user to either pair with an agent or bypass agent command execution restrictions. Datto CTO Robert Gibbons detailed the problems in a five-page letter published Monday. There are no reports of client devices or cloud backup systems being compromised because of the bugs.
One of the bugs, in the Datto Windows Agent, has already been addressed with new software, and the company is working on an agent software update to address the other vulnerability.
Datto rival Continuum Managed Services, however, reported the vulnerabilities to Datto back on Oct. 25 and the company was working on a security update for its clients. That's because some Continuum partners still use Vault backup and recovery software from Datto that Continuum sold until 2015.
Datto objected to Continuum's disclosure plans, saying it wanted to get word of the problems out first and that public disclosure of the unpatched bugs would make customers more vulnerable to attack. Continuum's CEO said his company was "acutely aware of the risks involved" in going public about the vulnerabilities and that it only intended to alert its affected partners.