|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Imail Cookie Vulnerability (unhashed)
From: Christophe Vandeplas (christophe
vandeplas.com)
Date: Tue Jul 05 2005 - 19:57:36 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Sintiganinsecure.net wrote:
> Neither Regular or secure mode of Imail properly give out a hash on cookies leaving the cookies straight readable to any onlookers.
>
> No exploit is needed
> POC:
>
> "IMail_UserId
> 1006332dgd2Someserver"
> --------------------------
> "IMail_password
> 1234"
>
> Straight From Cookie ^^ (edited to protect user)
A vulnerability report has been send to Ipswitch on the date 8 june by
Peter Bluckens and Christophe Vandeplas.
We included a working exploit that allowed an attacker to grab the
password from a user without him noticing it.
They are currently working on a solution.
Public advisory will be released as soon as they correct the code.
Greets
- --
- -------------------------------------
Christophe 'ElCascador' Vandeplas
GSM: +32 (0)486/64.10.33
email: christophe(at)vandeplas(dot)com
http://www.vandeplas.com
GnuPG:1024D/14913897: 66BD A9EB 0357 D80F 20D4 D698 3B2B E562 1491 3897
- -------------------------------------
*** PLEASE ***
"Never send mass-mails/forward to this email address.
Please add the email-address to the BCC field (Blind Carbon Copy)
or send the mail separately to me."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFCyyyAOyvlYhSROJcRAsZcAJ4tctTLGnl4QmRyxNABUCQJOuDicQCglM9D
WCbZ9CRWMVqK0x8Qh/A513Q=
=LAEB
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]