lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <9FBC5AD6-5761-449F-AF6D-3E3A332AA1BB@zataz.net>
Date: Thu May 19 07:42:08 2005
From: exploits at zataz.net (ZATAZ.net)
Subject: Mac OSX 10.4 Dashboard Authentication Hijacking
	Vulnerability

Hello,

http://stephan.com/widgets/zaptastic/

Regards.


Le 19 mai 05 ? 08:36, ph0enix a ?crit :

>> Date: May 19, 2005
>> Description: OSX 10.4 Dashboard Permits Hijacking of Authenticated  
>> Credentials
>
> This issue is known since 2005-05-09 and OSVDB had an entry already:
> http://www.osvdb.org/16499
>
>> Versions Affected:
>> OSX 10.4.0
>> OSX 10.4.1
>
> 10.4.1 doesn't seem to be vulnerable. Could you please show how do  
> you exploit this when the option in Safari is turned on?
>
>
> www.osvdb.org -- everything is vulnerable.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

Cordialement

-----------------------------------------------------

Eric Romang / ZATAZ Production
Co-fondateur de ZATAZ
eromang@...az.net
www.zataz.com / www.zataz.net
GSM : +352 091 600 404
B.P. 311
59474 Seclin Cedex
France

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ