Vulnerability in the website.
Aniket Pawar
aniketpawar091 at yahoo.com
Sat Sep 26 14:17:10 EDT 2015
Password Transmitted over HTTP:
Detected that password data is being transmitted over HTTP.
IMPACT:
If an attacker can intercept network traffic, he/she can steal users' credentials.
ACTIONS TO TAKE:
Move all of your critical forms and pages to HTTPS and do not serve them over HTTP.
REMEDY:
All sensitive data should be transferred over HTTPS rather than HTTP. Forms should be served over HTTPS. All aspects of the application that accept user input, starting from the login process, should only be served over HTTPS.
http://pidgin.im/cgi-bin/mailman/listinfo/support
Request
GET /cgi-bin/mailman/listinfo/support HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Referer: http://pidgin.im/support/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; Netsparker)
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Host: pidgin.im
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Date: Sat, 26 Sep 2015 17:54:55 GMT
Transfer-Encoding: chunked
Cache-control: no-cache
Server: lighttpd
Content-Type: text/html; charset=utf-8
<!-- $Revision: 5865 $ -->
<HTML>
<HEAD>
<TITLE>Support Info Page</TITLE>
</HEAD>
<BODY>
<P>
<TABLE COLS="1" BORDER="0" CELLSPACING="4" CELLPADDING="5">
<TR>
<TD COLSPAN="2" WIDTH="100%" BGCOLOR="#99CCFF" ALIGN="CENTER">
<B><FONT COLOR="#000000" SIZE="+1">Support --
End-user support for Pidgin, Finch and libpurple</FONT></B>
</TD>
</TR>
<tr>
<td colspan="2">
<p>
</td>
</tr>
<tr>
<TD COLSPAN="1" WIDTH="100%" BGCOLOR="#FFF0D0">
<B><FONT COLOR="#000000">About Support</FONT></B>
</TD>
<TD COLSPAN="1" WIDTH="100%" BGCOLOR="#FFF0D0">
<FORM Method=POST ACTION="../listinfo/support"> English (USA)
</FORM>
<FORM Method=POST ACTION="../subscribe/support">
</TD>
</TR>
<tr>
<td colspan="2">
<P style="border: 1px dotted #0000ff; padding: 0.4em;"><!---->For general support questions about using Finch, Pidgin, or libpurple.
<br>
<br>Please check the <a href="https://developer.pidgin.im/wiki/FAQ">FAQ</a> and our <a href="https://developer.pidgin.im/search">bug tracking system</a> to make sure your issue isn't already known.
<br>
<br>THIS LIST IS PUBLIC! Any information you send here will be visible to the world forever. DO NOT SEND PASSWORDS.<!----></P>
<p> To see the collection of prior postings to the list,
visit the <a href="https://pidgin.im/pipermail/support/">Support
Archives</a>.
</p>
</TD>
</TR>
<TR>
<TD COLSPAN="2" WIDTH="100%" BGCOLOR="#FFF0D0">
<B><FONT COLOR="#000000">Using Support</FONT></B>
</TD>
</TR>
<tr>
<td colspan="2">
To post a message to all the list members, send email to
<A HREF="mailto:support at pidgin.im">support at pidgin.im</A>.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20150926/b8a2a546/attachment.html>