|
Dear lists ----------------------[Cut
Cut]--------------------------------------------- Title:
Nate User Password Disclosed By Anonymous Discoverer: PARK, GYU
TAE ([EMAIL PROTECTED]) Advisory No.: NRVA05-06 Critical:
High Critical Impact:
User Information disclosed by unauthorized user Where:
>From remote Operating System: N / A Solution:
Patched Workaround: N / A Notice:
08. 01. 2005 Initiate notified
08. 04. 2005 Vendor responded and patched
08. 05. 2005 Disclosure vulnerability Description: The Nate is portal service such as MSN, YAHOO on the Web in And interlocked NateOn Messenger (See a NRVA05-02) When user requests URI on the NateWeb then shown up just like
HTML document but particular URI had included DEBUG CODE for Web-Programmer Unfortunately DEBUG CODE is an USER'S INFORMATION like password See following detail describe: NOT INCLUDED HERE ----------------------[Cut
Cut]--------------------------------------------- Cheers |
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
