OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Arne Vidstrom (arne.vidstromntsecurity.nu)
Date: Thu Oct 11 2001 - 15:01:26 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Hi all,

    There are a couple of vulnerabilities in Ipswitch IMail Server 7.04.

    *** In the POP3 Server ***

    If you enter a valid username the reply is:

    +OK welcome

    On the other hand, if you enter a username that doesn't exist on the server
    the reply is:

    +OK send your password

    This gives you a way to probe for existing accounts on the server.

    *** In the Web Messaging Server ***

    Log in on one account in the Web Messaging Server and Select Change User
    Information. Save the HTML page on disk and change the value of the hidden
    INPUT tag called "olduser" to the name of another account. You also have to
    change the ACTION value of the FORM tag so it points to the server, and it
    must also contain the random string that you find in the URL to the ordinary
    page. Then load this changed page into the browser, fill in some new user
    information and click on the Save button. This way you can change the user
    information for any other user.

    *** Vendor response ***

    Ipswitch have created a patch that among other things fix these two
    vulnerabilities. You can find it at:
    http://www.ipswitch.com/support/IMail/patch-upgrades.html

    *** Other information ***

    This advisory can also be found at:
    http://ntsecurity.nu/advisories/a16.shtml

    Regards /Arne Vidstrom, http://ntsecurity.nu