Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

remember password manager..

From: "Kevin Fernandez" <security () xssed com>
Date: Sun, 16 Mar 2008 06:51:59 +0100 (CET)
http://secunia.com/advisories/23046/

Solution Status:         Unpatched

The vulnerability is caused due to the Password Manager not properly
checking the URL before automatically filling in saved user credentials
into forms. This may be exploited to steal user credentials via malicious
forms in the same domain.
(or if the site has any xss)

And i can confirm it's still unfixed in 2.0.0.12.. do you guys keep saving
your passwords? :P

Kevin

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: