Overview
Ebay (www.ebay.com)is a popular online auction site. A vulnerability in the ebay web site prior to April 24, 2002, could have allowed an intruder to gain access to a victim's personal data.
Description
Prior to April 24, 2002, an intruder may have been able to gain access to certain personal data of ebay users, including transaction history and shipping addresses, but not including credit card data. By submitting a certain type of invalid login request to the ebay web site, an intruder could log in as a legitimate user to the "My Ebay" portion of the web site. There is no evidence that anyone used this vulnerability to gain unauthorized access to data. |
Impact
Personal information of ebay users may have been exposed to third parties. |
Solution
No action is required on the part of ebay users. Ebay corrected the flaw on April 24, 2002. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Our thanks to Brent Barnett IT Consultant for reporting this vulnerability and technical assistance.
This document was written by Shawn Hernan.
Other Information
| CVE IDs: | None |
| Severity Metric: | 0.90 |
| Date Public: | 2002-07-11 |
| Date First Published: | 2002-07-11 |
| Date Last Updated: | 2010-10-07 13:09 UTC |
| Document Revision: | 13 |