[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[VulnWatch] Nate User Password Disclosed By Anonymous
- To: <bugtraq@xxxxxxxxxxxxxxxxx>, <vulnwatch@xxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: [VulnWatch] Nate User Password Disclosed By Anonymous
- From: "saintlinu" <saintlinu@xxxxxxxxxxx>
- Date: Fri, 5 Aug 2005 10:55:56 +0800
Dear lists
----------------------[Cut Cut]---------------------------------------------
Title: Nate User Password Disclosed By Anonymous
Discoverer: PARK, GYU TAE (saintlinu@xxxxxxxxxxxxx)
Advisory No.: NRVA05-06
Critical: High Critical
Impact: User Information disclosed by unauthorized user
Where: From remote
Operating System: N / A
Solution: Patched
Workaround: N / A
Notice: 08. 01. 2005 Initiate notified
08. 04. 2005 Vendor responded and patched
08. 05. 2005 Disclosure vulnerability
Description:
The Nate is portal service such as MSN, YAHOO on the Web in KOREA.
And interlocked NateOn Messenger (See a NRVA05-02)
When user requests URI on the NateWeb then shown up just like HTML document
but particular URI had included DEBUG CODE for Web-Programmer
Unfortunately DEBUG CODE is an USER'S INFORMATION like password
See following detail describe:
NOT INCLUDED HERE
----------------------[Cut Cut]---------------------------------------------
Cheers