List: bugtraq
Subject: [SNS Advisory No.45]Manpower Japan Potential Personal Information Leak Vulnerability
From: "snsadv () lac ! co ! jp" <snsadv () lac ! co ! jp>
Date: 2001-10-30 8:54:38
----------------------------------------------------------------------
SNS Advisory No.45
Manpower Japan Potential Personal Information Leak Vulnerability
Problem first discovered: Fri, 22 Jun 2001
Published: Tue, 30 Oct 2001
----------------------------------------------------------------------
Type of Document:
-----------------
Discovery of a security issue and report of a solution
Overview:
---------
A vulnerability was found in the Manpower Japan homepage that could
lead to disclosure of registered personal information.
Problem Description:
--------------------
Although a username and password are required in order to view and/or
update personal information, some parts of the session management
were not processed properly. It was possible to access other users'
profiles simply by modifying the following parameter, included in the
link that allows personal information to be updated:
CandID=100003034
to
CandID=100003035
Solution:
---------
This problem was reported immediately after discovery to those in
charge so that appropriate measures could be taken. Thus, the
affected session management has already been fixed (October 29, 2001).
Discovered by:
--------------
Nobuo Miwa (LAC) n-miwa@lac.co.jp
Disclaimer:
-----------
All information in these advisories is subject to change without
advance notice or mutual consensus, and each advisory is released
as it is. LAC Co., Ltd. is not responsible for any risks of occurrences
caused by applying this information.
References
----------
Archive of this advisory (in preparation now):
http://www.lac.co.jp/security/english/snsadv_e/45_e.html
------------------------------------------------------------------
Secure Net Service(SNS) Security Advisory <snsadv@lac.co.jp>
Computer Security Laboratory, LAC http://www.lac.co.jp/security/
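
The flaw described under Problem Description, as an added example that is not part of the original advisory and not the site's code: a Python model of a profile lookup that trusts the CandID parameter, beside one that checks the requested record against the logged-in session. The data model, function names and usernames are hypothetical, and the advisory does not say how the actual fix was implemented; the two CandID values are the ones quoted above.

```python
# Added illustration; the data model and every name here are hypothetical.
import secrets

# Constructed sample data: candidate profiles keyed by CandID.
PROFILES = {
    100003034: {"owner": "alice", "name": "Candidate A"},
    100003035: {"owner": "bob", "name": "Candidate B"},
}
SESSIONS = {}  # session token -> authenticated username


def login(username):
    """Stand-in for the password check: issue a token bound to the user."""
    token = secrets.token_hex(16)
    SESSIONS[token] = username
    return token


def get_profile_unchecked(token, cand_id):
    """Flawed pattern: confirms the caller is logged in, then trusts CandID."""
    if token not in SESSIONS:
        return 401, None
    profile = PROFILES.get(cand_id)
    return (200, profile) if profile else (404, None)


def get_profile_checked(token, cand_id):
    """Corrected pattern: the record must belong to the session's user."""
    user = SESSIONS.get(token)
    if user is None:
        return 401, None
    profile = PROFILES.get(cand_id)
    # Same answer for "missing" and "not yours" so valid IDs are not confirmed.
    if profile is None or profile["owner"] != user:
        return 404, None
    return 200, profile


def demo():
    """Log in as one user and request both records through each handler."""
    token = login("alice")
    return {
        "unchecked_other": get_profile_unchecked(token, 100003035)[0],
        "checked_own": get_profile_checked(token, 100003034)[0],
        "checked_other": get_profile_checked(token, 100003035)[0],
        "checked_no_session": get_profile_checked("bogus", 100003034)[0],
    }


if __name__ == "__main__":
    print(demo())
```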