Mountain-net WebCart Exposed Orders Vulnerability
BID:2281
Info
| Bugtraq ID: | 2281 |
| Class: | Configuration Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Apr 24 1999 12:00AM |
| Updated: | Apr 24 1999 12:00AM |
| Credit: | Posted to BugTraq on April 24, 1999 by Bo Elkjaer < [email protected] > |
| Vulnerable: | Mountain Network Systems Inc. WebCart 1.0 |
| Not Vulnerable: | |
Discussion
WebCart is a web commerce product provided by Mountain Network Systems, Inc. Certain poorly configured default installations leave customer order information in remotely accessible text files, including credit card details and other sensitive information. These files include orders/checks.txt, config/import.txt, config/mountain.cfg, and possibly others. Exact version information has not been determined; this default configuration issue may have been resolved in more recent versions. Regardless, it should be noted that this is not a vulnerability in the strictest sense but rather a poor configuration issue.
Exploit / POC
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Mountain Network Systems Inc. recommends following the security practices outlined in the user manual. Remote users should be denied access to customer order information files.
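One way an administrator could check their own server for the condition described in the Discussion, as an added example that is not part of the original advisory or the vendor's software: it walks a local document root and reports any of the three named files that sit inside it. The function names and the sample `htdocs/shop` layout are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Relative paths named in the advisory ("possibly others" are not covered).
WEBCART_DATA_FILES = ("orders/checks.txt", "config/import.txt", "config/mountain.cfg")


def find_exposed_files(docroot):
    """Return sorted (path relative to docroot, world_readable) for each hit.

    A hit means the file lives inside the tree the web server publishes, so it
    is retrievable unless a server access rule denies it.
    """
    docroot = os.path.realpath(docroot)
    findings = []
    # WebCart may be unpacked in any subdirectory, so test every directory.
    for current, _dirs, _files in os.walk(docroot):
        for rel in WEBCART_DATA_FILES:
            candidate = os.path.join(current, *rel.split("/"))
            if os.path.isfile(candidate):
                mode = os.stat(candidate).st_mode
                shown = os.path.relpath(candidate, docroot).replace(os.sep, "/")
                findings.append((shown, bool(mode & stat.S_IROTH)))
    return sorted(findings)


def build_sample_tree(base):
    """Create a constructed sample layout: WebCart unpacked under htdocs/shop."""
    docroot = os.path.join(base, "htdocs")
    layout = {
        "shop/orders/checks.txt": 0o644,    # order data, world-readable
        "shop/config/mountain.cfg": 0o600,  # config, owner-only
        "index.html": 0o644,                # unrelated page, must not be flagged
    }
    for rel, mode in layout.items():
        path = os.path.join(docroot, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample data\n")
        os.chmod(path, mode)
    return docroot


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, world in find_exposed_files(build_sample_tree(tmp)):
            print(f"{rel}: inside document root, world-readable={world}")
```

Any file it reports should be moved outside the document root or covered by a server rule that denies remote requests, in line with the Solution above.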