| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 8 Apr 2008 16:07:46 +0100 From: "Pascal Cretain" <pascal.cretain@...il.com> To: bugtraq@...urityfocus.com Subject: Wayport Public Access PC Authentication Bypass Weakness ######################################### Application: Wayport Public Access PC Vendor: http://www.wayport.net Bug: Authorisation Bypass Risk: High Date: 8 April 2008 Author: Pascal Cretain e-mail: Pascal.Cretain at Gmail dot com List: BugTraq (SecurityFocus) ######################################### ======= Product ======= Wayport's Public Access PC === Bug === There is an Authentication Bypass weakness on Wayport's Public Access PCs. To exploit the weakness, one needs to open an Internet Explorer Window through the 'help' function that is available before the card gets swiped and do the following: Help --> Tools --> Manage Add-ons --> Disable Blocker Class This add-on controls the entire charging element of the Solution. An attacker who successfully exploits this misconfiguration could, besides browsing the web for free, use a public access PC as a launching pad. Wayport know about it since the 14th of February. The following reply was received by them on the 15th of February: "Dear Pascal, Thank you very much for your timely advisory and your high moral values. We have verified your findings and made a fix that will get deployed worldwide ASAP (within a week or so)."
Powered by blists - more mailing lists