Published:2006/01/12  Last Updated:2008/05/21

JVN#6CA72ADB
Nagasaki Electronic Prefectural Office System authentication information vulnerability

Overview

Nagasaki Prefectural Government has developed an open source electronic prefectural office system. The system hardcodes some credential information and a remote attacker could impersonate genuine users.

Products Affected

  • Nagasaki Electronic Prefectural Office System's web personnel directory

Description

Impact

A remote attacker could impersonate genuine users. As a result, the attacker could view or modify the information.

Solution

Vendor Status

Vendor Link
Nagasaki Electronic Prefectural Office System Open Source Toppage

References

JPCERT/CC Addendum

Credit

Hiromitsu Takagi of Research Center for Information Security (RCIS) National Institute of Advanced Industrial Science and Technology (AIST), Japan reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia JVNDB-2006-000600

Update History