Insecure handling of notes in Plastic.com’s Slashcode

September 8, 2001

Author: JT Smith

From Net-Security.org: “The implementation of private notes on plastic.com’s
Slashcode-driven site is insecure. Any logged in user can
view any message in the system.

Description:
After logging into the site as a user,
http://www.plastic.com/message.pl?op=read&m_id=9999
(where m_id= a given message’s ID) will display the
message, even if you weren’t the user that the message
was sent to.”

Category:

Linux

RELATED ARTICLESMORE FROM AUTHOR

Maintainer Confidential: Challenges and Opportunities One Year On

Bridging Design and Runtime Gaps: AsyncAPI in Event-Driven Architecture

Implementing OpenTelemetry Natively in an Event Broker

Innovation as a Catalyst in Telecommunications

Linux 6.8 Brings More Sound Hardware Support For Intel & AMD, Including The Steam Deck

RELATED ARTICLES MORE FROM AUTHOR