Educause Security Discussion mailing list archives

Re: Vulnerability? Or...not so much?

From: Charles Buchholtz <chip+educause () SEAS UPENN EDU>
Date: Sat, 3 Apr 2010 23:32:49 -0400

On Sat, Apr 03, 2010 at 10:59:23PM -0400, Jason Testart wrote:

If your pentest discovered this, then I would think a real BadGuy could
discover it too.


White box or black box pentest?  If it was a white box pentest it
might have flagged a "document available with no password protection"
when the URI was acting as the username/password.

If it was black box pen testing, then I agree!

--- Chip

Charles H. Buchholtz                    Director of Systems Programming
chip () seas upenn edu            School of Engineering and Applied Science
http://www.seas.upenn.edu/~chip           University of Pennsylvania

Current thread:

Vulnerability? Or...not so much? David Shettler (Apr 03)
- <Possible follow-ups>
- Re: Vulnerability? Or...not so much? Jason Testart (Apr 03)
- Re: Vulnerability? Or...not so much? David Shettler (Apr 03)
- Re: Vulnerability? Or...not so much? Charles Buchholtz (Apr 03)
- Re: Vulnerability? Or...not so much? Charles Buchholtz (Apr 03)
- Re: Vulnerability? Or...not so much? Matthew Wollenweber (Apr 03)
- Re: Vulnerability? Or...not so much? Gibson, Nathan J. (HSC) (Apr 03)
- Re: Vulnerability? Or...not so much? Dexter Caldwell (Apr 03)
- Re: Vulnerability? Or...not so much? David Shettler (Apr 03)
- Re: Vulnerability? Or...not so much? Steve Werby (Apr 04)
- Re: Vulnerability? Or...not so much? SCHALIP, MICHAEL (Apr 04)
- Re: Vulnerability? Or...not so much? Vik Solem (Apr 05)