Closed Bug 1446723 Opened 7 years ago Closed 7 years ago

keyserver.mozilla.org information disclose

Tracking

(Not tracked)

Status:

RESOLVED INVALID

People

(Reporter: dipakprajapati803, Unassigned)

References

(
URL
)

Details

(Keywords: reporter-external, Whiteboard: [reporter-external] [web-bounty-form] [verif?])

Dipak Prajapati

Reporter

Description

•

7 years ago

Hello leets vulnerability is : INFORMATION DISCLOSE. BY GUESSING STRING INFORMATION IS GIVEN TO USER. example: 0xb4872bd2a53ff019 0xf22d2b24190d477f 0xf22d2b24190d477f 0x291dceb2b19fae84 0x7ab08aa5d51205f3 POC:https://youtu.be/JF6tC1dFqbI

Flags: sec-bounty?

Julien Vehent

Comment 1

•

7 years ago

Thank you for your report. The keyserver doesn't do input validation on the uid so you're seeing all sorts of junk sent by other users. The fact the data is public is, well, by design (it wouldn't be a very good public keyserver otherwise). I'm going to close this as invalid for now.

Group: websites-security

Status: UNCONFIRMED → RESOLVED

Closed: 7 years ago

Resolution: --- → INVALID

Jonathan Claudius [:claudijd] (use NEEDINFO)

Updated

•

7 years ago

Flags: sec-bounty? → sec-bounty-

David Lawrence [:dkl]

Updated

•

1 year ago

Keywords: reporter-external

You need to log in before you can comment on or make changes to this bug.

Bugzilla

https://keyserver.mozilla.org information disclose

Categories

(Websites :: Other, enhancement)

Tracking

(Not tracked)

People

(Reporter: dipakprajapati803, Unassigned)

References

(
URL
)

Details

(Keywords: reporter-external, Whiteboard: [reporter-external] [web-bounty-form] [verif?])

Crash Data

Security

(public)

User Story

Description

Comment 1

Updated

Updated