| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000595 | Main CAcert Website | source code | public | 2008-08-14 02:04 | 2013-01-15 02:49 |
| Reporter | kriss | Assigned To | TheSourcerer | ||
| Priority | immediate | Severity | crash | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Platform | Main CAcert Website | ||||
| Fixed in Version | 2008 | ||||
| Summary | 0000595: Arbitrary addition to list of email addresses valid to verify a domain as being under the control of the user. | ||||
| Description | Plain and simple: https://www.cacert.org/account.php?oldid=7&newdomain=yahoo.jp&adds[]=your@email.here This will only work for the .jp domain, since spec'ing any other TLD will initialize the adds array to whatever the WHOIS information gives. Seems to be a case of register_globals + PHP being overly helpful in making an array for us + very, very bad coding standards from a security perspective. | ||||
| Additional Information | You'll find packetlogic.jp assigned to kriss@proceranetworks.com using this exploit, no certificate created / nothing to revoke. (PacketLogic is a trademark/product of Procera Networks and packetlogic.jp is owned by a local partner, so I don't foresee that anyone would have much of a legal or administrative issue with this.) | ||||
| Tags | No tags attached. | ||||
| Reviewed by | |||||
| Test Instructions | |||||
- Anonymous
