mailing list archives
From: Jason Giglio <jgiglio () netmar com>
Date: Sat, 23 Mar 2002 14:50:59 -0500
This is a minor vulnerability involving any e-commerce site that uses secure.secureinc.com as their credit card
After order information is submitted, the server attempts to set a cookie that includes all form information, including
billing and shipping name, address and phone number. Credit card information is not included. This information is
stored in plaintext on the user's computer, without any notice, or way to opt out.
None- Vulnerability minor, and www.secureinc.com does not have any contact information on it, or anything much for that
matter. I discovered this after placing an order with a company that uses secureinc.com as their credit card processor.
Reject this cookie from secure.secureinc.com, as it is not necessary for processing your orders.
- secureinc.com Vulnerability Jason Giglio (Mar 26)