lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <30d129970804080807h13d96ac4w79122c7c294ee34a@mail.gmail.com>
Date: Tue, 8 Apr 2008 16:07:46 +0100
From: "Pascal Cretain" <pascal.cretain@...il.com>
To: bugtraq@...urityfocus.com
Subject: Wayport Public Access PC Authentication Bypass Weakness

 #########################################
  Application: Wayport Public Access PC
  Vendor: http://www.wayport.net
  Bug: Authorisation Bypass
  Risk: High
  Date: 8 April 2008
  Author: Pascal Cretain
  e-mail: Pascal.Cretain at Gmail dot com
  List: BugTraq (SecurityFocus)
  #########################################


 =======
  Product
  =======
  Wayport's Public Access PC

 ===
  Bug
  ===
 There is an Authentication Bypass weakness on Wayport's Public Access
 PCs. To exploit the weakness, one needs to open an Internet Explorer
 Window through the 'help' function that is available before the card
 gets swiped and do the following:
 Help --> Tools --> Manage Add-ons --> Disable Blocker Class
 This add-on controls the entire charging element of the Solution.

 An attacker who successfully exploits this misconfiguration could,
 besides browsing the web for free, use a public access PC as a
 launching pad.

 Wayport know about it since the 14th of February. The following reply
 was received by them on the 15th of February:

 "Dear Pascal,

 Thank you very much for your timely advisory and your high moral
 values. We have verified your findings and made a fix that will get
 deployed worldwide ASAP (within a week or so)."

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ