Bugtraq mailing list archives

Re: Motorola Timbuktu's Internet Locator Service real-time data exposed to public.

From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Wed, 8 Oct 2008 23:58:41 +0300 (EEST)

The vendor fixed the issue remarkable quickly, but

Additionally, the Last modified field in directory listings disclosed the timestamp of location information too.

Addresses like firstname.surname () domain com disclosed confidential information about the people working in specific organizations too.

Juha-Matti

artful38 () yahoo com wrote:

Looks like they closed the hole. Even using the hard-coded password, you can no longer get directory listings of email 
addresses (nor can you do so without credentials)

Current thread:

Motorola Timbuktu's Internet Locator Service real-time data exposed to public. vulns (Oct 06)
- <Possible follow-ups>
- Re: Motorola Timbuktu's Internet Locator Service real-time data exposed to public. artful38 (Oct 07)
- Re: Motorola Timbuktu's Internet Locator Service real-time data exposed to public. Juha-Matti Laurio (Oct 08)
- Re: Motorola Timbuktu's Internet Locator Service real-time data exposed to public. therese . vanryne (Oct 09)