Full Disclosure mailing list archives
Nate User Password Disclosed By Anonymous
From: "saintlinu" <saintlinu () yahoo co kr>
Date: Fri, 5 Aug 2005 10:55:56 +0800
Dear lists ----------------------[Cut Cut]--------------------------------------------- Title: Nate User Password Disclosed By Anonymous Discoverer: PARK, GYU TAE (saintlinu () null2root org) Advisory No.: NRVA05-06 Critical: High Critical Impact: User Information disclosed by unauthorized user Where: From remote Operating System: N / A Solution: Patched Workaround: N / A Notice: 08. 01. 2005 Initiate notified 08. 04. 2005 Vendor responded and patched 08. 05. 2005 Disclosure vulnerability Description: The Nate is portal service such as MSN, YAHOO on the Web in KOREA. And interlocked NateOn Messenger (See a NRVA05-02) When user requests URI on the NateWeb then shown up just like HTML document but particular URI had included DEBUG CODE for Web-Programmer Unfortunately DEBUG CODE is an USER'S INFORMATION like password See following detail describe: NOT INCLUDED HERE ----------------------[Cut Cut]--------------------------------------------- Cheers
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Nate User Password Disclosed By Anonymous saintlinu (Aug 04)