Home page logo

bugtraq logo Bugtraq mailing list archives

EAGLE USA Shipment Tracking software
From: dmelch () ntplx net
Date: Thu, 11 Jan 2001 16:00:24 -0500

I have discovered that the shipping software distributed by EAGLE USA sends
Username/Password information in clear text over the internet. This can be
replicated by installing the software and using a sniffer to view the HTML
string that gets passed to the server. Very clearly the Username password combo
appears in clear text in the string. This information could be very useful in a
corporate espionage situation in which gaining information about product
shipments by a competitor (how many of what product where shipped at what cost
to what customer when) could be of use.

David Melchionna
Senior Network Security Analyst
Bayer Pharmaceuticals.

  By Date           By Thread  

Current thread:
  • EAGLE USA Shipment Tracking software dmelch (Jan 12)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]