Re: Sensitive Information Disclosure Vulnerability in Kinetics Kiosk Product

To: "Jay D. Dyson" <jdyson@xxxxxxxxxxxxx>
Subject: Re: Sensitive Information Disclosure Vulnerability in Kinetics Kiosk Product
From: "Zow" Terry Brugger <zow@xxxxxxxx>
Date: Thu, 18 Aug 2005 17:35:02 -0700
Cc: Jason Coombs <jasonc@xxxxxxxxxxx>, Bugtraq <bugtraq@xxxxxxxxxxxxxxxxx>, Full-Disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>
Comments: In-reply-to "Jay D. Dyson" <jdyson@xxxxxxxxxxxxx> message dated "Thu, 18 Aug 2005 11:34:43 -0700."
In-reply-to: <Pine.LNX.4.63.0508181132330.5215@xxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <1215857159-1124378678-cardhu_blackberry.rim.net-17408-@engine111> <Pine.LNX.4.63.0508181132330.5215@xxxxxxxxxxxxxxxxxxxxxx>

>       Especially considering that the IP address is within a Wells Fargo 
> Bank class B netblock.  It just gets curiouser and curiouser.

No, that actually explains a lot -- you know how you swipe your credit card 
at the kiosk so that it can retrieve your flight information? Well, it needs 
to map your CC number to a name, and whether your name is encoded on the mag 
stripe or not, it should go back to a bank to retrieve that information. I 
bet you one good cup of coffee (offer applies to Jason and Jay only) that 
that's why they're connecting to Wells Fargo.

Now then, one could debate the wisdom of transferring this information in the 
clear (http as opposed to https). I'm not going to try to connect to the 
server myself out of politeness, but I would hope that the connection is 
being tunneled through the Internet by a VPN, and that the server is 
otherwise inaccessible. If that is the case, I think the debate over whether 
it uses a public or private IP is academic.

The potential insecurities in the use of Win/IE for a public kiosk are worth 
considering, however I'm personally more concerned when my pilot tells us 
that we're going to be delayed from pushing back for a minute because they 
need to do the equivalent of a Control-Alt-Delete to the plane.

Cheers,
Terry

import StandardDisclaimer;

References:
- Sensitive Information Disclosure Vulnerability in Kinetics Kiosk Product
  - From: Jason Coombs
- Re: Sensitive Information Disclosure Vulnerability in Kinetics Kiosk Product
  - From: Jay D. Dyson

Prev by Date: ATutor 1.5.1 and prior multiple XSS Vulnerabilities
Next by Date: WinAce Temporary File Parsing Buffer Overflow Vulnerability
Previous by thread: Re: Sensitive Information Disclosure Vulnerability in Kinetics Kiosk Product
Next by thread: BBCaffe 2.0 cross site scripting poc
Index(es):
- Date
- Thread