The vendor fixed the issue remarkable quickly, but
Additionally, the Last modified field in directory listings disclosed the timestamp of location information too.
Addresses like firstname.surname (at) domain (dot) com [email concealed] disclosed confidential information about the people working in specific organizations too.
Juha-Matti
artful38 (at) yahoo (dot) com [email concealed] wrote:
> Looks like they closed the hole. Even using the hard-coded password, you can no longer get directory listings of email addresses (nor can you do so without credentials)
>
Additionally, the Last modified field in directory listings disclosed the timestamp of location information too.
Addresses like firstname.surname (at) domain (dot) com [email concealed] disclosed confidential information about the people working in specific organizations too.
Juha-Matti
artful38 (at) yahoo (dot) com [email concealed] wrote:
> Looks like they closed the hole. Even using the hard-coded password, you can no longer get directory listings of email addresses (nor can you do so without credentials)
>
[ reply ]