Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos network security services platform

Bugtraq: Re: Motorola Timbuktu's Internet Locator Service real-time data exposed to public.

Re: Motorola Timbuktu's Internet Locator Service real-time data exposed to public.

From: Juha-Matti Laurio <juha-matti.laurio_at_netti.fi>
Date: Wed, 8 Oct 2008 23:58:41 +0300 (EEST)

The vendor fixed the issue remarkable quickly, but

Additionally, the Last modified field in directory listings disclosed the timestamp of location information too.
Addresses like firstname.surname_at_domain.com disclosed confidential information about the people working in specific organizations too.

Juha-Matti

artful38_at_yahoo.com wrote:
> Looks like they closed the hole. Even using the hard-coded password, you can no longer get directory listings of email addresses (nor can you do so without credentials)
>
Received on Oct 08 2008

This message: [ Message body ]
Next message: Cesar: "Token Kidnapping Windows 2003 PoC exploit"
Previous message: zdi-disclosures_at_3com.com: "ZDI-08-065: Novell eDirectory Core Protocol Opcode 0x0F Heap Overflow Vulnerability"
Maybe in reply to: vulns_at_wintercore.com: "Motorola Timbuktu's Internet Locator Service real-time data exposed to public."
Next in thread: therese.vanryne_at_motorola.com: "Re: Motorola Timbuktu's Internet Locator Service real-time data exposed to public."

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]