ModernBill Security Flaw Spotted
- By theWHIR.com , August 31, 2006
-
Share
|
Send |
Print |
Comments (0)
Reddit
Newsvine
Stumbleupon
Twitter
Facebook
Verio Attracts Resellers with Free Month of VPS Hosting: Companies looking to boost revenues are finding Verio's Free VPS promotion the right fit for getting started as Hosting Reseller.
ModernBill Security Flaw Spotted
August 31, 2006 -- (WEB HOST INDUSTRY REVIEW) -- Automated billing software provider ModernBill's (modernbill.com) payment gateway is missing a peer certificate verification, according to vulnerability intelligence provider Secunia (secunia.com).
Secunia says the security issue is caused by the CURL application being set to false when communicating with a payment gateway over SSL, causing the CURL library to not properly verify the peer certificate. This can be exploited in a man-in-the-middle attack to decrypt all communications between ModernBill and the payment gateway.
Secunia says the security flaw appears in versions 5.0.1 and 5.0.4. Other versions may also be affected. It is rated less critical by the company.
According to the vulnerability intelligence provider the best solution for now is to avoid configuring the application to use the payment gateway or to use another product until the vulnerabilities have been addressed.
 |
OLDER: AT&T Signs Deal With Homefield | | | NEWER: BitTorrent Builds up at 365 Main |  |
Logging in allows enhanced commenting features (such as external linking) in news, features, blogs and more.