<<< Date Index >>>     <<< Thread Index >>>

Re: Remedy Action Request System 5.01.02 - User Enumeration



Lee Rumble writes:
This has always been the case with the Remedy system which I use day in and
day out. This is also present in older versions too and I have spoken with
them about this, but they do not deem this to be a security flaw.

Hello Lee,
if they think or not it is a security flaw, well, it's their opinion.
I think that the possibility to enumerate users is a security flaw, and you?
Gaining access to the system itself has no real advantages either.

It depends from what the system is used for. There are a lot of companies
that use to attach important documents to the remedy tickets or use remedy
to trace every activity. According to you, is it important to access the
repository in which every activity has been traced ? Best regards, d.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Davide Del Vecchio "Dante Alighieri" dante@xxxxxxxxxxxxx
http://www.alighieri.org http://legaest.blogspot.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -