Re: Imail Cookie Vulnerability (unhashed)

From: Christophe Vandeplas (christophe_at_vandeplas.com)
Date: 07/06/05

  • Next message: Alexey Toptygin: "Re: /dev/random is probably not" 
    Date: Wed, 06 Jul 2005 00:57:36 +0000
To: Sintigan@insecure.net

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Sintigan@insecure.net wrote:
    > Neither Regular or secure mode of Imail properly give out a hash on cookies leaving the cookies straight readable to any onlookers.
    >
    > No exploit is needed
    > POC:
    >
    > "IMail_UserId
    > 1006332dgd2@Someserver"
    > --------------------------
    > "IMail_password
    > 1234"
    >
    > Straight From Cookie ^^ (edited to protect user)

    A vulnerability report has been send to Ipswitch on the date 8 june by
    Peter Bluckens and Christophe Vandeplas.
    We included a working exploit that allowed an attacker to grab the
    password from a user without him noticing it.

    They are currently working on a solution.

    Public advisory will be released as soon as they correct the code.

    Greets

    - --
    - -------------------------------------
    Christophe 'ElCascador' Vandeplas
    GSM: +32 (0)486/64.10.33
    email: christophe(at)vandeplas(dot)com
    http://www.vandeplas.com
    GnuPG:1024D/14913897: 66BD A9EB 0357 D80F 20D4 D698 3B2B E562 1491 3897
    - -------------------------------------
    *** PLEASE ***
    "Never send mass-mails/forward to this email address.
     Please add the email-address to the BCC field (Blind Carbon Copy)
     or send the mail separately to me."

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.1 (GNU/Linux)

    iD8DBQFCyyyAOyvlYhSROJcRAsZcAJ4tctTLGnl4QmRyxNABUCQJOuDicQCglM9D
    WCbZ9CRWMVqK0x8Qh/A513Q=
    =LAEB
    -----END PGP SIGNATURE-----

  • Next message: Alexey Toptygin: "Re: /dev/random is probably not"
    • Quantcast