Bugtraq mailing list archives
Re: Remedy Action Request System 5.01.02 - User Enumeration
From: "Davide Del Vecchio" <dante () alighieri org>
Date: Tue, 16 Jan 2007 11:09:22 +0100
Lee Rumble writes:
> This has always been the case with the Remedy system which I use day in and day out. This is also present in older versions too and I have spoken with them about this, but they do not deem this to be a security flaw.
Hello Lee,
whether they think it is a security flaw or not, well, it's their opinion. I think that the possibility to enumerate users is a security flaw, and you?
> Gaining access to the system itself has no real advantages either.
It depends on what the system is used for. There are a lot of companies that usually attach important documents to the Remedy tickets or use Remedy to trace every activity. According to you, is it important to access the repository in which every activity has been traced?

Best regards,
d.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Davide Del Vecchio "Dante Alighieri"
dante () alighieri org
http://www.alighieri.org
http://legaest.blogspot.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -