WHID 2006-38: Convenience or just bad design?

Altiris seems to have designed their servers so that it is easy to both access their customers upload as well as find out their e-mail addresses.

Additional information:

Convenience or just bad design? [WebAppSec, Jul 12 2006]

Attack Method:

Insufficient Authorization

Incident Outcome:

Disclosure Only

Add new comment