[5531] in bugtraq
Re: Major security flaw in Cybercash 2.1.2
daemon@ATHENA.MIT.EDU (Tim Scanlon)
Sat Nov 8 11:16:28 1997
Date: Sat, 8 Nov 1997 00:35:20 -0500
Reply-To: tfs@mystic.sealsoft.com
From: Tim Scanlon <tfs@CHARM.SEALSOFT.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <f58bccfc52aba91d0973f9bf33160ddd@anon.efga.org>
On Fri, 7 Nov 1997 , Anonymous said:
>In CyberCash's server, when the "DEBUG" flag is on, the contents of
>all credit card transactions are written to a log file (named
>"Debug.log" by default).
>
>The easiest workaround I've found is to simply delete the existing
>Debug.log file. In my experience with the Solaris release, the
>CyberCash software does not create this file at start time when the
>DEBUG flag is set to 0.
>
ln -s Debug.log /dev/null
Works easier than deleting over and over I'd hazard.
Tim
---
________________________________________________________________
tfs@sealsoft.com (NeXTmail, MIME) Tim Scanlon
tfs@epic.org (PGP key by req) crypto is good
Seal Technologies Inc. I own my own words
