Vulnerability discovery credited to Tamer Sahin <email@example.com>.
Working Resources Inc. BadBlue 1.7 .0
BadBlue is a P2P file sharing application distributed by Working Resources. It is available for Microsoft Windows operating systems.
Typically, a request made in BadBlue for a directory that has access control restrictions in place will either prompt a user for authentication credentials or deny access to the resources. However, by submitting a special request to the server, it is possible to circumvent these access control restrictions. It has been reported that domain names ending with a double slash allow this activity.
This vulnerability may be exploited with a web browser.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org <mailto:email@example.com>.