Bugtraq mailing list archives

Re: Major security flaw in Cybercash 2.1.2

From: tfs () CHARM SEALSOFT COM (Tim Scanlon)
Date: Sat, 8 Nov 1997 00:35:20 -0500


On Fri, 7 Nov 1997 , Anonymous  said:

In CyberCash's server, when the "DEBUG" flag is on, the contents of
all credit card transactions are written to a log file (named
"Debug.log" by default).

The easiest workaround I've found is to simply delete the existing
Debug.log file.  In my experience with the Solaris release, the
CyberCash software does not create this file at start time when the
DEBUG flag is set to 0.


ln -s Debug.log /dev/null

Works easier than deleting over and over I'd hazard.

Tim


---
________________________________________________________________
tfs () sealsoft com                (NeXTmail, MIME)     Tim Scanlon
tfs () epic org                    (PGP key by req)  crypto is good
Seal Technologies Inc.                        I own my own words

Current thread:

Major security flaw in Cybercash 2.1.2 Anonymous (Nov 07)
- Re: Major security flaw in Cybercash 2.1.2 Tim Scanlon (Nov 07)
- <Possible follow-ups>
- Re: Major security flaw in Cybercash 2.1.2 Megan Alexander (Nov 11)