Security Issue For Older Bardon Products
Released Before August 5 2000

October 20 2000

Summary: Some passwords usable by older versions of WinU and Full Control have been published on the Internet. This affects WinU 1.0 through 5.1, and Full Control 1.0 through 2.6.

Products released after August 5 2000 are not at risk. However, all users of earlier versions should immediately upgrade to the current release of WinU or Full Control. See below for details.


Background: WinU and Full Control include an 'emergency password' mechanism. This is not a 'backdoor' but rather a documented feature to handle emergencies in which our users lock themselves out by accident. Prior to this incident, Bardon successfully used this feature for over five years without any security breaches.

The Problem: An unknown person published on the Internet some emergency passwords that can be used with each version. With this list anyone can modify any settings in the Bardon software, or close or delete it, leaving the computer unprotected. On October 13 2000 this person posted the emergency password list on the Internet. Bardon had no advance notice of this. We were made aware of this situation shortly after the October 13 public posting.

The Solution: On October 20 2000 Bardon made updates available on its website that take care of the problem.

Affected Versions: WinU versions 1.0 through 5.1, and Full Control versions 1.0 through 2.6 are affected by this situation. Users of these versions are advised to upgrade to the current release of WinU or Full Control. Products released after August 5, 2000 are not affected.

How To Upgrade: Most customers have the current major release (WinU 5.x or Full Control 2.x) and will use upgrade method 1. Customers using an older release can also upgrade using method 2 or 3 as described below.

1) Free Upgrade To A Current Release: Users of any WinU 5.x version can upgrade to WinU 5.2 (or any later 5.x version) at no charge. Similarly, users of any Full Control 2.x version can upgrade to Full Control 2.7 (or any later 2.x version) at no charge.

To upgrade a current release, click here to obtain the newest version. (This link is a shortcut to the same download-request pages available elsewhere on the Bardon website.) Install the new version over top of the existing installed version. The new files will replace the old ones, and your settings will be carried over into the new version. To do an automated mass-upgrade over your network, use the Remote Administration Manager's 'version upgrade' feature.

2) Free Upgrade To An Older Release: Users of earlier versions (Full Control 1.x, or WinU 1.x through 4.x) who have a currently active Maintenance Plan subscription can upgrade at no charge. Contact Bardon Data Systems to take care of this.

3) Further Upgrade Options: The free-upgrade options cover the majority of Bardon users. Other customers should contact Bardon Data Systems to discuss upgrade options.

Contact Information: If you need further assistance, contact Bardon at:

Bardon Data Systems
510-526-8470 voice
510-526-1271 fax
http://www.bardon.com
info@bardon.com

Click here to return to the main Bardon website