Dear lists
----------------------[Cut Cut]---------------------------------------------
Title: Nate User Password Disclosed By Anonymous
Discoverer: PARK, GYU TAE (saintlinu@private)
Advisory No.: NRVA05-06
Critical: High Critical
Impact: User Information disclosed by unauthorized user
Where: From remote
Operating System: N / A
Solution: Patched
Workaround: N / A
Notice: 08. 01. 2005 Initiate notified
08. 04. 2005 Vendor responded and patched
08. 05. 2005 Disclosure vulnerability
Description:
The Nate is portal service such as MSN, YAHOO on the Web in KOREA.
And interlocked NateOn Messenger (See a NRVA05-02)
When user requests URI on the NateWeb then shown up just like HTML document
but particular URI had included DEBUG CODE for Web-Programmer
Unfortunately DEBUG CODE is an USER'S INFORMATION like password
See following detail describe:
NOT INCLUDED HERE
----------------------[Cut Cut]---------------------------------------------
Cheers
________________________________________________________
¹«·á 1GB¿ë·®!, ´õ ÀÌ»ó ¿ë·® °í¹Î¾ø´Â - ¾ßÈÄ! ¸ÞÀÏ (http://mail.yahoo.co.kr)
ÃֽŠÈÞ´ëÆù Á¤º¸, º§¼Ò¸®, ij¸¯ÅÍ, ¹®ÀÚ¸Þ¼¼Áö - ¾ßÈÄ! ¸ð¹ÙÀÏ (http://kr.mobile.yahoo.com)
´ëÇѹα¹ ºí·Î±×°¡ ¸ðÀÎ °÷! - ¾ßÈÄ! ÇÇÇøµ(http://kr.ring.yahoo.com)
This archive was generated by hypermail 2.1.3 : Fri Aug 05 2005 - 08:40:39 PDT