Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security VulnWatch
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Nate User Password Disclosed By Anonymous

from [saintlinu] Network Security [Permanent Link]
Subject: [Full-disclosure] Nate User Password Disclosed By Anonymous
Date: Fri, 5 Aug 2005 10:55:56 +0800 
Dear lists

 

----------------------[Cut Cut]---------------------------------------------

Title:             Nate User Password Disclosed By Anonymous

Discoverer:        PARK, GYU TAE (saintlinu@null2root.org)

Advisory No.:      NRVA05-06

Critical:          High Critical

Impact:            User Information disclosed by unauthorized user

Where:             From remote

Operating System:  N / A

Solution:          Patched

Workaround:        N / A

 

Notice:            08. 01. 2005 Initiate notified

                   08. 04. 2005 Vendor responded and patched

                   08. 05. 2005 Disclosure vulnerability

 

Description: 

The Nate is portal service such as MSN, YAHOO on the Web in KOREA.

And interlocked NateOn Messenger (See a NRVA05-02)

 

When user requests URI on the NateWeb then shown up just like HTML document

but particular URI had included DEBUG CODE for Web-Programmer

 

Unfortunately DEBUG CODE is an USER'S INFORMATION like password

 

 

See following detail describe:

 

NOT INCLUDED HERE

----------------------[Cut Cut]---------------------------------------------

 

Cheers


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] Nate User Password Disclosed By Anonymous, saintlinu <=
Previous by Date:  [Full-disclosure] iDEFENSE Security Advisory 08.02.05: CA BrightStor ARCserve Backup Agent for MS SQL Server Buffer Overflow, iDEFENSE Labs
Next by Date:  [VulnWatch] Nate User Password Disclosed By Anonymous, saintlinu
Previous by Thread:  [Full-disclosure] iDEFENSE Security Advisory 08.02.05: CA BrightStor ARCserve Backup Agent for MS SQL Server Buffer Overflow, iDEFENSE Labs
Next by Thread:  [VulnWatch] Nate User Password Disclosed By Anonymous, saintlinu
Indexes:  [Date] [Thread] [Top] [All Lists]