Vulnerability fixed in E-gold

To: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
Subject: Vulnerability fixed in E-gold
From: 3APA3A <3APA3A@xxxxxxxxxxxxxxxx>
Date: Thu, 16 Mar 2006 01:17:49 +0300
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: www.security.nnov.ru
Reply-to: 3APA3A <3APA3A@xxxxxxxxxxxxxxxx>

Hello full-disclosure, bugtraq

  Netsling (shurik.f_(at)_gmail.com) reported vulnerability in E-gold.

  Vulnerability was reported and fixed in E-gold partner payment script.
  It  was  possible  to  transfer  money  from  E-gold  account  without
  knowledge of AccounID/PassPhrase if user is logged on.

  Vulnerability details can be found at
  http://bhunter.awardspace.com/vuln-en.html

  The most interesting thing here is E-gold reaction:

  1. Vendor fixed vulnerability within 24 hours.
  2. Vendor decided to reward researcher without any request from his
  side.
  3. Vendor gave permission to publish vulnerability information.

  Just ideal. I hope Microsoft to read this.

  Vulnerability  was  found  and  reported  to  E-gold  by nestling, Web
  software  developer  from  Russia. Please contact him directly, if you
  have  any questions, because I was only asked to translate and publish
  this information.
  

-- 
/3APA3A
http://www.security.nnov.ru/

Prev by Date: Vulnerability in e-gold
Next by Date: [ GLSA 200603-11 ] Freeciv: Denial of Service
Previous by thread: Vulnerability in e-gold
Next by thread: [ GLSA 200603-11 ] Freeciv: Denial of Service
Index(es):
- Date
- Thread