List: bugtraq
Subject: Ariba password exposure vulnerability
From: gerald626 () gmail ! com
Date: 2005-08-31 18:04:07
Message-ID: 20050831180407.20708.qmail () securityfocus ! com
The Ariba Spend Management System, which is a web-based application, appears to
transmit the username and password of the user to the server via the URL in plain
text. Packet capture is available for analysis upon request.
This may enable a malicious user to sniff the username/password for accounts in the
'approval' role (for example, the CFO/CTO/CEO), which would allow the user to
purchase items they are not normally permitted to.
Gerald.
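
A defensive check for the exposure described above, as an added example that is not part of the original post or Ariba's code: it scans web-server or proxy access-log lines for requests carrying credential-named parameters in the query string and redacts the values. The parameter names and the log lines are assumptions constructed for illustration; the advisory does not name the parameters Ariba uses.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Assumed parameter names; the advisory does not say which ones Ariba uses.
CREDENTIAL_PARAMS = {"password", "passwd", "pwd", "pass",
                     "username", "user", "userid", "login"}

# Request line inside a Common/Combined Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def redact_target(target):
    """Return (redacted_target, sorted credential parameter names found)."""
    parts = urlsplit(target)
    found, cleaned = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in CREDENTIAL_PARAMS:
            found.append(name)
            value = "REDACTED"  # never copy the secret into the report
        cleaned.append((name, value))
    if not found:
        return target, []
    return urlunsplit(parts._replace(query=urlencode(cleaned))), sorted(found)


def scan_log(lines):
    """Yield (line_number, method, redacted_target, param_names) per hit."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        redacted, names = redact_target(match.group("target"))
        if names:
            yield number, match.group("method"), redacted, names


# Constructed sample access-log lines (not from the advisory or from Ariba).
SAMPLE_LOG = [
    '192.0.2.10 - - [31/Aug/2005:18:00:01 +0000] '
    '"GET /app/login?user=cfo&password=Secret1 HTTP/1.1" 200 512',
    '192.0.2.11 - - [31/Aug/2005:18:00:02 +0000] "POST /app/login HTTP/1.1" 302 0',
    '192.0.2.12 - - [31/Aug/2005:18:00:03 +0000] '
    '"GET /app/search?q=password+policy HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

The match is on parameter names, not values, so the search request in the third sample line is not flagged.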