Bugtraq mailing list archives
security hole in Maximizer
From: mkljones () CRIS COM (Mike Jones)
Date: Thu, 14 Jan 1999 12:13:30 -0700
Ok. This came up a long time ago at the office, and immediately turned my stomach when I found it. However, after spending a while on the phone with Maximizer tech support and an email to their developers, I got the old 'That's how it works.' So I'll leave it to your opinions.

The product at risk is the Maximizer Enterprise program version four from Multiactive Technologies. http://www.maximizer.com.

The issue. Maximizer is an address book database and calendar similar to what MS does with Outlook. In this program, there is an option to share your calendar with everyone (i.e., everybody can look and see that yes, so and so is out at a meeting at 4 tomorrow). The DOWNSIDE to this is that everyone can also CHANGE the calendar of everyone else. Now in a small office this is probably not too bad, since everyone knows everyone else, and usually everyone knows everyone else's passwords (bad, bad. What can you do with a pile of salespeople?). But in a large office, this is a BIG problem.

Maximizer's paraphrased response: If they can see it, they can change it. Don't let them see it, or hope they don't change it.

Just a little FYI for everyone. Be careful. Hopefully Multiactive changes it in their next version.

Mike Jones