q000166

Security vulnerability in ICEcap

This article applies to: ICEcap.

SUMMARY

Network ICE has released a patch that eliminates a security vulnerability in ICEcap v2.0.23 and below. This vulnerability could allow a malicious hacker to inject unauthenticated events into the system.

DETAILS

Issue

For debugging purposes, the systems allows unencrypted and poorly authenticated events to be posted to ICEcap. In version 2.0.23, this feature was left on by mistake. This patch eliminates this vulnerability.

Affected Software Versions

ICEcap version 2.0.23 an below.

Solution

If you have version 2.0.23 or below, upgrade to the patched version described in KB article q000167.

More Information

Security information about Network ICE's products can be found at http://advice.networkice.com/advice/Support/Security.

Acknowledgements

Network ICE would like to thank rain.forest.puppy for bringing this issue to our attention working with us to protect our customers.

 
Keywords: ICEcap, injection 
Version:  2.0.23 
Fixed:    2.0.23a 
Modified: 2000-05-15