[BLACKBOX] severe security hole in BB

From: [at]} <Josef>
Date: Mon, 16 Jun 2008 14:32:37 +0200

----boundary-LibPST-iamunique-1737989166_-_-
Content-type: text/plain

Hi everybody!

I would like to point out a severe security hole in BB.

Password fields are printed as clear text!

The problem seems to be in HostCFrames.Print,
where Controls are printed in a rather crude form
without looking at the guard and without looking
at the 'password' property of the text field control.

regards

- Josef Templ

----
To unsubscribe, send a message with body "SIGNOFF BLACKBOX" to LISTSERV{([at]})nowhere.xy----boundary-LibPST-iamunique-1737989166_-_-
Content-type: application/rtf
Content-transfer-encoding: base64
Content-Disposition: attachment; filename="rtf-body.rtf"
e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZnJvbXRleHQgXGRlZmYwe1xmb250dGJsDQp7XGYwXGZz
d2lzcyBBcmlhbDt9DQp7XGYxXGZtb2Rlcm4gQ291cmllciBOZXc7fQ0Ke1xmMlxmbmlsXGZjaGFy
c2V0MiBTeW1ib2w7fQ0Ke1xmM1xmbW9kZXJuXGZjaGFyc2V0MCBDb3VyaWVyIE5ldzt9fQ0Ke1xj
b2xvcnRibFxyZWQwXGdyZWVuMFxibHVlMDtccmVkMFxncmVlbjBcYmx1ZTI1NTt9DQpcdWMxXHBh
cmRccGxhaW5cZGVmdGFiMzYwIFxmMFxmczIwIEhpIGV2ZXJ5Ym9keSFccGFyDQpccGFyDQpJIHdv
dWxkIGxpa2UgdG8gcG9pbnQgb3V0IGEgc2V2ZXJlIHNlY3VyaXR5IGhvbGUgaW4gQkIuXHBhcg0K
XHBhcg0KUGFzc3dvcmQgZmllbGRzIGFyZSBwcmludGVkIGFzIGNsZWFyIHRleHQhXHBhcg0KXHBh
cg0KVGhlIHByb2JsZW0gc2VlbXMgdG8gYmUgaW4gSG9zdENGcmFtZXMuUHJpbnQsXHBhcg0Kd2hl
cmUgQ29udHJvbHMgYXJlIHByaW50ZWQgaW4gYSByYXRoZXIgY3J1ZGUgZm9ybVxwYXINCndpdGhv
dXQgbG9va2luZyBhdCB0aGUgZ3VhcmQgYW5kIHdpdGhvdXQgbG9va2luZ1xwYXINCmF0IHRoZSAn
cGFzc3dvcmQnIHByb3BlcnR5IG9mIHRoZSB0ZXh0IGZpZWxkIGNvbnRyb2wuXHBhcg0KXHBhcg0K
cmVnYXJkc1xwYXINClxwYXINCi0gSm9zZWYgVGVtcGxccGFyDQpccGFyDQpccGFyDQotLS0tXHBh
cg0KVG8gdW5zdWJzY3JpYmUsIHNlbmQgYSBtZXNzYWdlIHdpdGggYm9keSAiU0lHTk9GRiBCTEFD
S0JPWCIgdG8gTElTVFNFUlZATElTVFMuT0JFUk9OLkNIfX0AnRRhkA==
----boundary-LibPST-iamunique-1737989166_-_---

Received on Mon Jun 16 2008 - 14:32:37 UTC