FSSA-2009-0402.txt
Posted on 17 July 2009
Source: packetstormsecurity.org
Advisory Title: Mobile Rediff Username and Password Disclosure
Advisory ID: FSSA-2009-0402
Author: Gursev Kalra (gursev.kalra@foundstone.com)
Application: MobileRediff 1.04 by http://www.rediff.com/
Vendor Contact Date: 4/24/2009 (Vendor notified by email)
Release Date: 7/15/2009
Platform: Symbian OS 9.1, Series 60 v3.0. Other mobile platforms might behave in the same way.
Severity: Medium (Information Disclosure)
Vendor Status: No Response received
Overview:
The Rediffmail component of the MobileRediff (Version 1.04) application allows username and password disclosure.
Details:
Vendor Response:
No Response
Workaround:
Do not enable the store username and password option in the Rediffmail component of the Mobile Rediff application.
For questions and comments please send an email to:
research@foundstone.com
Foundstone Vulnerability Research Advisory Archive:
http://www.foundstone.com/research/advisories