Title: Nate User Password Disclosed By Anonymous
Discoverer: PARK, GYU TAE (saintlinu@xxxxxxxxxxxxx)
Advisory No.: NRVA05-06
Critical: High Critical
Impact: User Information disclosed by unauthorized user
Where: From remote
Operating System: N / A
Solution: Patched
Workaround: N / A
Notice: 08. 01. 2005 Initiate notified
08. 04. 2005 Vendor responded and patched
08. 05. 2005 Disclosure vulnerability
Description:
The Nate is portal service such as MSN, YAHOO on the Web in KOREA.
And interlocked NateOn Messenger(See a NRVA05-02)
When user requests URI on the NateWeb then shown up just like HTML document
but particular URI had included DEBUG CODE for Web-Programmer
Unfortunately DEBUG CODE is an USER'S INFORMATION like password
See following detail describe:
NOT INCLUDED HERE
