Full Disclosure mailing list archives
Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability
From: ph0enix <ph0enix () justonemorething org>
Date: Thu, 19 May 2005 08:36:10 +0200
Date: May 19, 2005Description: OSX 10.4 Dashboard Permits Hijacking of Authenticated Credentials
This issue is known since 2005-05-09 and OSVDB had an entry already: http://www.osvdb.org/16499
Versions Affected: OSX 10.4.0 OSX 10.4.1
10.4.1 doesn't seem to be vulnerable. Could you please show how do you exploit this when the option in Safari is turned on?
www.osvdb.org -- everything is vulnerable.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Jonathan Zdziarski (May 18)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Alain Fauconnet (May 18)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Jonathan Zdziarski (May 19)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Daniel (May 19)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Jonathan Zdziarski (May 19)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Daniel (May 19)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Jonathan Zdziarski (May 19)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Graham Reed (May 19)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Jonathan Zdziarski (May 19)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Alain Fauconnet (May 18)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability ZATAZ.net (May 18)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability ph0enix (May 18)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Daniel (May 19)
- Content detection in html payload with snort ? Frederic Charpentier (May 19)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability ph0enix (May 19)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Jonathan Zdziarski (May 19)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability ph0enix (May 19)
- Message not available
- Message not available
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Jonathan Zdziarski (May 19)