❗ Security vulnerability in Listary [CVE-2021-41066]

and

I don’t care about the MITM attack, but the lack of package validation and automatic escalation of UAC privileges is very, very concerning.

What this effectively means is that if you accidentally run malware through Listary, it will automatically inherit the admin privileges and potentially ransomware your computer.

This vulnerability exists in all versions of Listary, including v6.
The reason I found this is because I just experienced this on my own computer and was wondering why some software was running with “Full Elevation” in process manager. I tracked it down to Listary. Winamp, among other software, actually broke because it was running in full admin without any user interaction.

I love Listary, especially the new version, but this seems like an unacceptable security risk.

@Channing This was reported to Bopsoft several times. Is there a response to this?

The normal set-up of Listary has no such problems. Running it as Admin is not suggested and not necessary for its designed functions. None of my processes started for Listary runs with elevated rights.


Windows 11 Home Version 24H2 (OS Build 26100.2605)
Listary Pro 6.3.1.84

It looks like it happens when you run Listary without the Listary service installed (i.e. portable mode).

It’s also reproducible in Portable Listary hosted here: Listary Portable (find-as-you-type search utility) | PortableApps.com

Hi @listary_sev ,

Thank you for reporting this issue. We strongly recommend using the official installer version. In this version, Listary runs with standard privileges, and processes launched by Listary are detached, meaning they won’t inherit privileges or environment variables.

Additionally, we have previously migrated our update server to HTTPS.
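The reporter saw child processes showing “Full Elevation”, and the vendor's reply says processes launched by the installer version are detached and do not inherit the launcher's token. Both can be checked the same way: enumerate every process, read the TokenElevation flag from its token, and compare it with its parent. The script below is an added example written for this thread; it is not code from Listary, Bopsoft or PortableApps. The `TokenProbe` class name and the `Listary*` process-name pattern are assumptions, and the Win32 calls (`OpenProcess`, `OpenProcessToken`, `GetTokenInformation` with `TokenElevation` = 20) are the documented ones.

```powershell
# Added example (not from the thread or the vendor): report elevated processes and their
# parent, so you can see whether apps started through Listary inherited admin rights.
# Assumption: Windows 10/11, Windows PowerShell 5.1 or PowerShell 7, any user context.

Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class TokenProbe {
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenProcessToken(IntPtr proc, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool GetTokenInformation(IntPtr token, int cls, out int info, int len, out int ret);
    [DllImport("kernel32.dll")]
    static extern bool CloseHandle(IntPtr h);
    const uint PROCESS_QUERY_LIMITED_INFORMATION = 0x1000;
    const uint TOKEN_QUERY = 0x0008;
    const int TokenElevation = 20;   // TOKEN_INFORMATION_CLASS value; returns TOKEN_ELEVATION
    // True/false for the token's elevation flag; null when the process cannot be opened.
    public static bool? IsElevated(int pid) {
        IntPtr proc = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, false, pid);
        if (proc == IntPtr.Zero) return null;
        IntPtr token;
        if (!OpenProcessToken(proc, TOKEN_QUERY, out token)) { CloseHandle(proc); return null; }
        int elevated, ret;
        bool ok = GetTokenInformation(token, TokenElevation, out elevated, sizeof(int), out ret);
        CloseHandle(token); CloseHandle(proc);
        return ok ? (bool?)(elevated != 0) : null;
    }
}
"@

# Win32_Process exposes ParentProcessId, which Get-Process does not.
$procs = Get-CimInstance Win32_Process
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

$report = foreach ($p in $procs) {
    $parent = $byPid[[int]$p.ParentProcessId]
    $parentName = if ($parent) { $parent.Name } else { '<exited>' }
    [pscustomobject]@{
        Pid        = [int]$p.ProcessId
        Name       = $p.Name
        Elevated   = [TokenProbe]::IsElevated([int]$p.ProcessId)
        ParentPid  = [int]$p.ParentProcessId
        ParentName = $parentName
    }
}

# The launcher itself: if it shows Elevated = True, everything it spawns directly will too.
"`n== Listary processes =="
$report | Where-Object { $_.Name -like 'Listary*' } |
    Format-Table Pid, Name, Elevated, ParentName -AutoSize

# The symptom from the thread: elevated children whose parent is the launcher.
# A detached launch (the vendor's description) would give these a different parent.
"`n== Elevated processes parented by Listary =="
$report | Where-Object { $_.Elevated -eq $true -and $_.ParentName -like 'Listary*' } |
    Format-Table Pid, Name, ParentPid, ParentName -AutoSize

# Anything with a blank Elevated column could not be opened from this context.
"`n== Processes that could not be inspected =="
$report | Where-Object { $null -eq $_.Elevated } | Format-Table Pid, Name -AutoSize
```

Two caveats when reading the output. Parent PIDs are only as good as the process table at the moment of the query: a parent that has already exited shows as `<exited>`, and a recycled PID can point at an unrelated process, so confirm a suspicious row with a second run. Processes that cannot be opened (protected processes, or some system processes when the script itself is not elevated) are listed separately rather than counted as non-elevated; running the script from an elevated prompt gives the complete picture.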