CVE-2010-2029 Information

Description

Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user’s cell phone.

Reference

http://cybozu.co.jp/products/dl/notice/detail/0034.html http://jvn.jp/en/jp/JVN87730223/index.html http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000016.html http://secunia.com/advisories/39508 http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html http://www.osvdb.org/63933 https://exchange.xforce.ibmcloud.com/vulnerabilities/57976