<<< Date Index >>>     <<< Thread Index >>>

Nate User Password Disclosed By Anonymous



Title:             Nate User Password Disclosed By Anonymous
Discoverer:        PARK, GYU TAE (saintlinu@xxxxxxxxxxxxx)
Advisory No.:      NRVA05-06
Critical:          High Critical
Impact:            User Information disclosed by unauthorized user
Where:             From remote
Operating System:  N / A
Solution:          Patched
Workaround:        N / A

Notice:            08. 01. 2005 Initiate notified
                   08. 04. 2005 Vendor responded and patched
                   08. 05. 2005 Disclosure vulnerability

Description: 
The Nate is portal service such as MSN, YAHOO on the Web in KOREA.
And interlocked NateOn Messenger(See a NRVA05-02)

When user requests URI on the NateWeb then shown up just like HTML document
but particular URI had included DEBUG CODE for Web-Programmer

Unfortunately DEBUG CODE is an USER'S INFORMATION like password


See following detail describe:

NOT INCLUDED HERE