Another web-based mail reader hole
Dave Pifke (dave@VICTIM.COM), Mon, 18 Jan 1999 15:24:09 -0800
-----BEGIN PGP SIGNED MESSAGE-----

This bug has been fixed in most webmail clients for quite some time now, but I guess some people just don't see security as a design priority.

The free, web-based mail client at www.angelfire.com passes authentication data in the URL. So your authentication token happily gets logged if you use a proxy server or follow a link in a mail message (via the HTTP referrer header).

Without really bothering to look deeper, it's quite likely that the web page editor at the same site uses the same authentication token or is susceptible to the same bug.

--
Dave Pifke, dave@victim.com
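The two leak paths the post describes (the proxy logging the token-bearing URL, and the Referer carrying it to a third-party site) can both be spotted in a forward proxy's own access log. The following detection script is an added example, not part of the original post; the log lines, host names and the list of parameter names treated as credentials are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Query parameter names that commonly carry authentication state (constructed
# list for this example; extend it for the application being reviewed).
TOKEN_PARAMS = {"token", "auth", "session", "sessionid", "sid", "password", "passwd", "key"}

# Combined log format as a forward proxy writes it, with absolute request URLs:
# client ident user [time] "METHOD URL PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$')

def token_params(url):
    """Names of query parameters in url that look like credentials."""
    names = {n for n, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)}
    return sorted(n for n in names if n.lower() in TOKEN_PARAMS)

def scan_line(line):
    """Findings for one proxy log line as a list of (kind, detail) tuples.
    token-in-url:     the request carried a credential in its query string, so the
                      proxy has just written it to disk.
    token-in-referer: the Referer carried a credential to a different host, the leak
                      caused by following a link from an authenticated page."""
    m = LOG_RE.match(line)
    if not m:
        return []
    findings = []
    params = token_params(m["url"])
    if params:
        findings.append(("token-in-url", ",".join(params)))
    ref = m["referer"]
    if ref not in ("", "-") and token_params(ref):
        ref_host, req_host = urlsplit(ref).hostname, urlsplit(m["url"]).hostname
        if ref_host != req_host:
            findings.append(("token-in-referer", f"{ref_host} -> {req_host}"))
    return findings

def scan_log(lines):
    """Scan many lines; returns {line_number: findings} for lines with findings."""
    result = {}
    for number, line in enumerate(lines, 1):
        findings = scan_line(line)
        if findings:
            result[number] = findings
    return result

# Constructed sample: a webmail session whose token rides in the URL, then the
# user following a link from a message to an outside site.
SAMPLE_LOG = [
    '10.0.0.5 - - [18/Jan/1999:15:24:09 -0800] "GET http://webmail.example/inbox?sessionid=ABC123&folder=inbox HTTP/1.0" 200 4821 "-" "Mozilla/4.5"',
    '10.0.0.5 - - [18/Jan/1999:15:25:31 -0800] "GET http://thirdparty.example/promo.html HTTP/1.0" 200 311 "http://webmail.example/read?sessionid=ABC123&msg=7" "Mozilla/4.5"',
    '10.0.0.5 - - [18/Jan/1999:15:26:02 -0800] "GET http://news.example/ HTTP/1.0" 200 9001 "-" "Mozilla/4.5"',
]

if __name__ == "__main__":
    for number, findings in scan_log(SAMPLE_LOG).items():
        print(number, findings)
```

The same check run over a web server's own log only catches the token-in-url case, since the Referer there points back at the server itself; the cross-site leak is visible from the proxy or from the third-party site's logs.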