Published:2006/02/01 Last Updated:2008/05/21
JVN#77886599
Hatena Toolbar sends URL information unecnrypted
Overview
Hatena Toolbar improperly sends URL information to the Hatena server without being encrypted when a user views a web page secured by SSL.
Products Affected
- Hatena Toolbar v1.5.4 and earlier
Description
Impact
When a user of Hatena Toolbar views a SSL secured web page, an attacker could obtain the information contained in the URL such as a session ID which needs to be protected. As a result, an attacker could possibly conduct session hijacking.
Solution
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| Hatena co.,ltd. | Vulnerable | 2006/02/04 |
| Vendor | Link |
| Hatena |
http://www.hatena.ne.jp/tool/toolbar#changelog |
References
JPCERT/CC Addendum
Credit
Hiromitsu Takagi reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | |
| JVN iPedia |
JVNDB-2006-000603 |