J-Security Center

J-Security Center

Latest Attack Object Updates

Signature Update #1819
posted: 2010/11/22
Signature Update #1818
posted: 2010/11/18
Signature Update #1817
posted: 2010/11/17
Signature Update #1816
posted: 2010/11/16
Signature Update #1815
posted: 2010/11/15

Title: AmTote Homebet World Accessible Log Vulnerability

Severity: HIGH

Description:

AmTote Homebet is an Internet-based account wagering interface.

Homebet stores all account and corresponding PIN numbers in the homebet.log file. This file is a plaintext file stored in the Homebet virtual directory.

On a default installation of the Homebet software, the homebet.log file is world readable and accessible to any user across the Internet. This could allow a malicious user to steal the log file and strip out the account and PIN numbers.

Affected Products:

AmTote Homebet

References:

AmTote: AmTote International, Inc.

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.