HC's Capture the Flag website
25C3-CTF
Advisory #76
From team squareroots
New advisory by: manager
Affected service(s): VDspi
Severity [lmh]: low
===== Problem =====
Flags are readable by system users. If a team gains shell access to the system, the flags are readable from the shell.
===== Impact =====
Retrieval of all service flags.
Even cross-service attacks are possible.
===== Fix =====
Declare flags/flag files as readable only by the user of the specific service.
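One way to check and apply this fix, as an added example that is not part of the original advisory. It assumes each service keeps its flags as regular files under its own directory and runs as its own system user; the function names and arguments are hypothetical.

```shell
#!/bin/sh
# Added example: audit and tighten flag-file permissions.
# Assumptions (not from the advisory): flags are regular files under one
# directory per service, and each service runs as its own system user.

# Print every flag file that group or "other" can read, or that is not
# owned by the expected service user (name or numeric uid).
audit_flags() {
    dir=$1 owner=$2
    find "$dir" -type f \( -perm -040 -o -perm -004 -o ! -user "$owner" \) -print
}

# Count findings; 0 means no flag is exposed to other local users.
count_exposed() {
    audit_flags "$1" "$2" | wc -l | tr -d ' '
}

# Restrict the flag directory and its files to the owning service user.
# Ownership is only changed when running as root; otherwise only the
# mode bits of files the caller already owns are tightened.
harden_flags() {
    dir=$1 owner=$2
    if [ "$(id -u)" -eq 0 ]; then
        chown -R "$owner" "$dir" || return 1
    fi
    # 700 on directories stops other users from listing or traversing,
    # 600 on files stops them from reading the flags directly.
    find "$dir" -type d -exec chmod 700 {} + &&
    find "$dir" -type f -exec chmod 600 {} +
}

# When run directly with two arguments, report exposed flag files:
#   sh audit_flags.sh <flag-directory> <service-user>
if [ "$#" -eq 2 ]; then
    audit_flags "$1" "$2"
fi
```

Running the audit for every service directory after hardening shows whether a shell obtained through one service can still read another service's flags.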
Rating
[0] b0ring