How can security companies protect us if they can't even configure their
shit right?
More on that :
From their Pen Test Whitepaper on http://www.sacure.com/index.php
The Web-based authentication is exploited by using XSS (cross-site shipping)
or SLQ injection or MITM (Man-in-the-Middle)
In fine prints, at the end of the document (Pen Test Whitepaper) :
While every precaution has been taken in the preparation of this document,
Sacure assumes no responsibility for errors,
omissions or damages resulting from the use of the information herein.
What a joke...