Security Problem Report SPR-2002-01-10


 
Title : Able to login as another user, see personal information at MapBlast.com
Report : SPR-2002-01-10
Vendor : www.MapBlast.com
Status : problem reported, MapBlast was responsive to final pre-publishing warning, confirmed bug but could not duplicate or identify cause, report published a month later
References : None
CVE : None
 
The IT Consulting Group of The Elvey Partnership has discovered a security breach at www.MapBlast.com that exposes the profile, including the address of a registered user to the public.

The system sometimes sets the autologin cookie of one user to the cookie of another user.

The problem was identified on 10 Jan 02, and reported to MapBlast that day.