Home page logo
/

bugtraq logo Bugtraq mailing list archives

secureinc.com Vulnerability
From: Jason Giglio <jgiglio () netmar com>
Date: Sat, 23 Mar 2002 14:50:59 -0500

This is a minor vulnerability involving any e-commerce site that uses secure.secureinc.com as their credit card 
processing server.

After order information is submitted, the server attempts to set a cookie that includes all form information, including 
billing and shipping name, address and phone number.  Credit card information is not included.  This information is 
stored in plaintext on the user's computer, without any notice, or way to opt out.

Vendor notification:

None- Vulnerability minor, and www.secureinc.com does not have any contact information on it, or anything much for that 
matter.  I discovered this after placing an order with a company that uses secureinc.com as their credit card processor.

Workaround:

Reject this cookie from secure.secureinc.com, as it is not necessary for processing your orders.


  By Date           By Thread  

Current thread:
  • secureinc.com Vulnerability Jason Giglio (Mar 26)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]