ModernBill Security Flaw Spotted

August 31, 2006 — (WEB HOST INDUSTRY REVIEW) — Automated billing software provider ModernBill’s (modernbill.com) payment gateway is missing peer certificate verification, according to vulnerability intelligence provider Secunia (secunia.com).

Secunia says the security issue is caused by a cURL setting being set to false when ModernBill communicates with a payment gateway over SSL, which causes the cURL library not to properly verify the peer certificate. This can be exploited in a man-in-the-middle attack to decrypt all communications between ModernBill and the payment gateway.

Secunia says the security flaw appears in versions 5.0.1 and 5.0.4. Other versions may also be affected. Secunia rates the issue as "less critical."

According to the vulnerability intelligence provider, the best solution for now is to avoid configuring the application to use the payment gateway, or to use another product until the vulnerabilities have been addressed.
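For administrators who want to check their own PHP code for this class of setting, here is an added example (not from the article, Secunia or ModernBill): a Python check that scans PHP source for cURL options that turn off peer certificate or host name verification. The option names `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST` are PHP's cURL constants and are an assumption about which setting the advisory refers to; the sample input is constructed.

```python
import re

# Matches curl_setopt($h, CURLOPT_X, value) and the 'CURLOPT_X => value'
# form used with curl_setopt_array(). Option names are PHP cURL constants
# (an assumption; the article does not name the setting).
_SETTING = re.compile(
    r"\b(CURLOPT_SSL_VERIFYPEER|CURLOPT_SSL_VERIFYHOST)\b\s*(?:,|=>)\s*([^,;)\]\s]+)"
)
_FALSY = {"false", "0", "null", "'0'", '"0"', "''", '""'}
# VERIFYHOST only checks the certificate name against the host when set to 2.
_WEAK_HOST = _FALSY | {"1", "true"}


def _strip_comment(line):
    """Drop // and # line comments (block comments are not handled)."""
    return re.split(r"(?<!:)//|#", line, maxsplit=1)[0]


def find_disabled_verification(php_source):
    """Return (line_number, option, value) for settings that weaken TLS checks."""
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        for option, value in _SETTING.findall(_strip_comment(line)):
            weak = _FALSY if option == "CURLOPT_SSL_VERIFYPEER" else _WEAK_HOST
            if value.lower() in weak:
                findings.append((lineno, option, value))
    return findings


# Constructed sample input, not ModernBill code.
SAMPLE_PHP = '''<?php
// constructed sample for the scanner
$ch = curl_init("https://gateway.example/charge");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
// curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$ok = curl_init("https://gateway.example/refund");
curl_setopt_array($ok, [CURLOPT_SSL_VERIFYPEER => true, CURLOPT_SSL_VERIFYHOST => 2]);
'''

if __name__ == "__main__":
    for lineno, option, value in find_disabled_verification(SAMPLE_PHP):
        print(f"line {lineno}: {option} set to {value}")
```

The check is a line-based heuristic: it reports literal values only, so a setting passed through a variable still needs manual review.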

theWHIR.com
