Date: Sat, 9 Aug 2008 14:01:44 -0300
From: "H2G-Labs Information Security" <h2glabs.infosec@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Brazilian Bank (Caixa Economica Federal) Stupid Vuln #02 (Opera's Style)

Hi folks,
some Brazilian banks have implemented a system based on computer
identification (like a PC register).

The system has some vulns and can be easily exploited.

Caixa Economica Federal (http://www.caixa.gov.br) never replied to us. So,
we will show another stupid way to bypass the computer identification.

One more time, if the attacker has the USERNAME and the PASSWORD of
the user account, the attacker can log in to the bank account without
identifying the computer.

To do this, just download the Opera Browser. (yes, this is a stupid way
to bypass the bank "protection")

The system based on computer identification can be easily bypassed
using the Opera Browser.

So, download the Opera Browser and you will be logged in, without needing
to register/identify your machine. :Pwned!

Well, I hope the CAIXA team solves this problem in a hurry. And next time,
replies to our mails.

Sorry for the bad English.

Regards...

--
H2G-Labs Information Security
Igor Marcel - Information Security Consultant
H2GLabs.InfoSec "at" Gmail.com


