|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Brightmail leaks other user's spam
From: Thomas Springer (tuevsec
gmx.net)
Date: Thu Jul 01 2004 - 08:19:56 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Brightmail Spamfilter 6.0 offer a possibility to manage mails
identified as spam in a http-driven "control-center" on the
Brightmail-Server via links like
http://SERVER:41080/brightmail/quarantine/viewMsgDetails.do?id=QMsgView-3;3-0
Simply altering the last numbers in the URL (3;3 to 4;4, eg.) shows
other domain-users Spam-Mail without any authentication.
Confirmed with Version 6.0.0.100 and previous beta-versions.
Brightmails support is aware of the problem, but didn't bother to
confirm the problem in the 6.0 final.
Thomas Springer
--
Nach mir der Synflood.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]