Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Nate User Password Disclosed By Anonymous

From: saintlinu () null2root org
Date: Fri, 5 Aug 2005 12:35:48 +0900
Title:             Nate User Password Disclosed By Anonymous
Discoverer:        PARK, GYU TAE (saintlinu () null2root org)
Advisory No.:      NRVA05-06
Critical:          High Critical
Impact:            User Information disclosed by unauthorized user
Where:             From remote
Operating System:  N / A
Solution:          Patched
Workaround:        N / A

Notice:            08. 01. 2005 Initiate notified
                   08. 04. 2005 Vendor responded and patched
                   08. 05. 2005 Disclosure vulnerability

Description: 
The Nate is portal service such as MSN, YAHOO on the Web in KOREA.
And interlocked NateOn Messenger(See a NRVA05-02)

When user requests URI on the NateWeb then shown up just like HTML document
but particular URI had included DEBUG CODE for Web-Programmer

Unfortunately DEBUG CODE is an USER'S INFORMATION like password


See following detail describe:

NOT INCLUDED HERE
Previous By Date Next
Previous By Thread Next

Current thread: