2013-03-04 - [GRASE-Hotspot] #100: Client MAC address leaked in the HTTP referer?

Header Data

From: GRASE Trac <tr***c@grasehotspot.org>
Message Hash: e3f1c801d56c196ec586e69ef60b31da903e741e8833ef83cf57258a9b673d35
Message ID: <047.20df331f49b07db2c8c446dea2ab87db@grasehotspot.org>
Reply To: N/A
UTC Datetime: 2013-03-04 15:34:09 UTC
Raw Date: Mon, 04 Mar 2013 22:34:09 -0000

Raw message

#100: Client MAC address leaked in the HTTP referer?
---------------------------+-----------------
 Reporter:  chris adams    |      Owner:  tim
     Type:  defect         |     Status:  new
 Priority:  major          |  Milestone:  3.9
Component:  Other Backend  |    Version:  3.7
 Keywords:                 |
---------------------------+-----------------
 (n.b. http://grasehotspot.org/contact/ is broken and returns an HTTP 405
 when you attempt to submit the form)

 I happened across a request in one of our webserver logs from a Nokia
 smartphone which appears to be using a hotspot running GRASE. It appears
 that the hotspot leaks the client MAC address in the HTTP referrer
 information:

 "http://10.1.0.1/grase/uam/hotspot?res=notyet&uamip=10.1.0.1&uamport=3990&challenge=ELIDED&called=ELIDED&mac=ELIDED&ip=10.1.1.126&nasid=nas01&sessionid=ELIDED&userurl=http%3a%2f%2fwww.bing.com%2f"

 I don't know if your current version does this but if so, it'd be a very
 good idea to run everything through a redirect script which can ensure
 that nothing confidential is leaked to third-party websites, particularly
 since MAC addresses are increasingly sensitive now that most cell phones
 have them.

-- 
Ticket URL: <http://trac.grasehotspot.org/ticket/100>
GRASE Hotspot <http://grasehotspot.org/>
GRASE Hotspot bug tracker
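
The redirect script suggested in the ticket, as an added example that is not GRASE's own code. It takes the hotspot URL quoted above as sample input (the values are already elided there), lists the query parameters that must never reach a third party, and shows a small WSGI "dereferer" endpoint. The endpoint path /grase/uam/redirect and the parameter name `to` are assumptions made for the example. Note the design point a practitioner would want: a bare HTTP 302 does not help on its own, because the browser keeps the Referer of the page that started the navigation (the hotspot URL with mac=...); the hop therefore answers with a 200 page whose own URL holds nothing sensitive, plus a Referrer-Policy header and meta tag for browsers that honour them.

```python
import html
from urllib.parse import urlsplit, parse_qs, urlencode

# Query parameters of the UAM page that identify the client or its session;
# none of these belong in a Referer sent to an external site.
SENSITIVE = {"mac", "challenge", "sessionid", "called", "ip", "nasid", "uamip"}

# Sample input: the URL from the ticket (its values were already elided there).
TICKET_URL = ("http://10.1.0.1/grase/uam/hotspot?res=notyet&uamip=10.1.0.1&uamport=3990"
              "&challenge=ELIDED&called=ELIDED&mac=ELIDED&ip=10.1.1.126&nasid=nas01"
              "&sessionid=ELIDED&userurl=http%3a%2f%2fwww.bing.com%2f")


def sensitive_params(url):
    """Names of the parameters in url that must not reach a third party."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return sorted(SENSITIVE & set(qs))


def safe_target(userurl):
    """Accept only absolute http(s) URLs as a redirect destination; None otherwise
    (rejects javascript:, data:, scheme-relative //host and empty values)."""
    if not userurl:
        return None
    p = urlsplit(userurl)
    if p.scheme not in ("http", "https") or not p.netloc:
        return None
    return userurl


def hop_url(userurl, base="/grase/uam/redirect"):
    """Link the portal page should emit instead of userurl directly.
    The path and the 'to' parameter are assumptions for this example."""
    return base + "?" + urlencode({"to": userurl})


def redirect_app(environ, start_response):
    """WSGI handler for GET /grase/uam/redirect?to=<url> (hypothetical endpoint).

    Answers 200 with a tiny dereferer page rather than a bare 302: an HTTP
    redirect keeps the Referer of the page that started the navigation (the
    hotspot URL), whereas the meta refresh below starts a new navigation whose
    referrer, if sent at all, is this page's own secret-free URL. The
    Referrer-Policy header and <meta name=referrer> suppress it entirely on
    browsers that support them.
    """
    qs = parse_qs(environ.get("QUERY_STRING", ""))
    target = safe_target(qs.get("to", [""])[0])
    if target is None:
        start_response("400 Bad Request", [("Content-Type", "text/plain")])
        return [b"bad redirect target\n"]
    safe = html.escape(target, quote=True)
    body = ('<!doctype html><meta name="referrer" content="no-referrer">'
            f'<meta http-equiv="refresh" content="0;url={safe}">'
            f'<a href="{safe}">Continue</a>')
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8"),
                              ("Referrer-Policy", "no-referrer"),
                              ("Cache-Control", "no-store")])
    return [body.encode("utf-8")]


def call(app, query):
    """Invoke a WSGI app with a GET and collect status, headers and body."""
    got = {}

    def start_response(status, headers):
        got["status"], got["headers"] = status, dict(headers)

    environ = {"REQUEST_METHOD": "GET",
               "PATH_INFO": "/grase/uam/redirect",
               "QUERY_STRING": query}
    got["body"] = b"".join(app(environ, start_response)).decode("utf-8")
    return got


if __name__ == "__main__":
    print("leaks via Referer:", sensitive_params(TICKET_URL))
    userurl = parse_qs(urlsplit(TICKET_URL).query)["userurl"][0]
    print("use this link instead:", hop_url(userurl))
    print("leaks from the hop:", sensitive_params(hop_url(userurl)))
    print(call(redirect_app, "to=http%3A%2F%2Fwww.bing.com%2F")["status"])
    print(call(redirect_app, "to=javascript%3Aalert(1)")["status"])
```

The same `<meta name="referrer" content="no-referrer">` (or a Referrer-Policy response header) also belongs on the hotspot login page itself, so that links the user clicks before authenticating do not carry the query string either; the dereferer hop covers the post-login jump to userurl and older browsers that ignore referrer policies.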
