"Jason Rogers" firstname.lastname@example.org
Narf Industries (NRFIN)
In today's world of social networking, messaging is almost never point-to-point. Instead we are constantly subscribing to blogs, news feeds, chat rooms, and page updates. And yet, it's so hard to throttle the volume of messages we receive and control who gets the messages we send. Well, all that chaos is about to end.
The Chatty Cats, makers of Sir Talks Too Much, would like to introduce MyCast, our new Multicast Chat Server. With MyCast you are able to subscribe to the channels you care about (if permitted), while deciding if you would like to receive every message or only the latest or highest priority ones.
MyCast allows users to create their own personalized channels. Using our BEST API, you can
The first vulnerability in this CB is a Type 2 vulnerability caused by an uninitialized variable containing sensitive data. In the sendWrongPasswordMessage function, the 'message' variable is uninitialized and will contain the address of the administrator's password that was passed to the strcmp function in the previous call. When the check for whether 'message' is NULL is performed, it will pass, resulting in the administrator's password being leaked back to the user in the "wrong password" error message. By attempting to authenticate to the FLAG channel with an invalid password, the user will trigger this leak. The user can then use this password to authenticate to the FLAG channel, which is sending the contents of the flag.
Use of Uninitialized Variable
Improper Initialization
Information Exposure Through an Error Message
Information Exposure
CWE-200: Information Exposure
CWE-209: Information Exposure Through an Error Message
CWE-457: Use of Uninitialized Variable
CWE-665: Improper Initialization
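The stale-pointer leak described above, shown beside a hardened form, as an added example that is not the CB's own code. Reading a truly uninitialized local is undefined behaviour in C, so the reused stack slot is modelled with an explicit struct; the names frame, check_password, wrong_password_vulnerable, wrong_password_fixed and leaks_secret, and the password value, are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample secret; the CB's real password is not on the page. */
static const char *ADMIN_PASSWORD = "constructed-admin-secret";

/* Models the stack slot that two consecutive calls share. A real
   uninitialized read is undefined behaviour, so the stale slot is made
   explicit here to keep the demonstration deterministic. */
struct frame { const char *slot; };

/* The password check leaves a pointer to the secret behind in the slot. */
static int check_password(struct frame *f, const char *attempt) {
    f->slot = ADMIN_PASSWORD;
    return strcmp(f->slot, attempt) == 0;
}

/* Vulnerable shape: 'message' takes whatever the slot held (stands in for
   a bare "char *message;"), so the NULL check does not stop the leak. */
static void wrong_password_vulnerable(struct frame *f, char *out, size_t n) {
    const char *message = f->slot;
    if (message != NULL)
        snprintf(out, n, "Wrong password: %s", message);
    else
        snprintf(out, n, "Wrong password");
}

/* Hardened shape: initialize at declaration with constant text and scrub
   the sensitive pointer once the comparison is done. */
static void wrong_password_fixed(struct frame *f, char *out, size_t n) {
    const char *message = "Wrong password";
    f->slot = NULL;
    snprintf(out, n, "%s", message);
}

/* Returns 1 if the error text for a bad attempt contains the secret. */
int leaks_secret(int use_fixed) {
    struct frame f = { NULL };
    char out[128];
    if (check_password(&f, "guess")) return 0;
    if (use_fixed) wrong_password_fixed(&f, out, sizeof out);
    else wrong_password_vulnerable(&f, out, sizeof out);
    return strstr(out, ADMIN_PASSWORD) != NULL;
}

int main(void) {
    printf("vulnerable leaks: %d, fixed leaks: %d\n", leaks_secret(0), leaks_secret(1));
    return 0;
}
```

In a real build, compiling with -Wuninitialized (or -Wall) flags this class of bug at the declaration.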
Leaking the password will require making a proper authentication request with the channel name set to "FLAG". Even then the reasoning engine must understand the significance of the data and how to reflect it in a subsequent authentication request for the "FLAG" channel.
Once authenticated to the channel, the user will need to use the response from the authentication request to make a token request. The token received from the token request will need to be used for sending and receiving messages from the FLAG channel.
The user must send a message to a valid channel before a message containing flag data will be available to get from the FLAG channel. To do so they must create a proper sendMessage request that contains a valid user token. Once a message has been sent, they can get a message from the FLAG channel using a proper getMessage request with the channel set to FLAG that contains a valid user token.
Curated by Lunge Technology, LLC.