Bugtraq mailing list archives

Re: Remedy Action Request System 5.01.02 - User Enumeration


From: "Davide Del Vecchio" <dante () alighieri org>
Date: Tue, 16 Jan 2007 11:09:22 +0100

Lee Rumble writes:
> This has always been the case with the Remedy system which I use day in and
> day out. This is also present in older versions too and I have spoken with
> them about this, but they do not deem this to be a security flaw.

Hello Lee,
whether or not they think it is a security flaw, well, it's their opinion.
I think that the possibility to enumerate users is a security flaw, and you?

> Gaining access to the system itself has no real advantages either.

It depends on what the system is used for. There are a lot of companies
that usually attach important documents to the Remedy tickets or use Remedy
to trace every activity. According to you, is it important to access the
repository in which every activity has been traced?

Best regards, d.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Davide Del Vecchio "Dante Alighieri" dante () alighieri org
http://www.alighieri.org http://legaest.blogspot.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
