[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Ariba password exposure vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Ariba password exposure vulnerability
From: gerald626@xxxxxxxxx
Date: 31 Aug 2005 18:04:07 -0000

The Ariba Spend Mangement System, which is a web-based application, appears to 
transmit the username and password of the user to the server via the URL in 
plain text.  Packet capture is available for analysis upon request.

This may enable a malicious user to sniff the username/password for accounts in 
the 'approval' role (for example, the CFO/CTO/CEO), which would allow the user 
to purchase items they are not normally permitted to.

Gerald.

Prev by Date: Vulnerability in Symantec Anti Virus Corporate Edition v9.x
Next by Date: Re: Vulnerability in Symantec Anti Virus Corporate Edition v9.x]
Previous by thread: Re: Vulnerability in Symantec Anti Virus Corporate Edition v9.x
Next by thread: RE: Ariba password exposure vulnerability
Index(es):
- Date
- Thread