Brightmail leaks other user's spam

To: BUGTRAQ@xxxxxxxxxxxxxxxxx
Subject: Brightmail leaks other user's spam
From: Thomas Springer <tuevsec@xxxxxxx>
Date: Thu, 01 Jul 2004 15:19:56 +0200
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: Unternehmensgruppe TUEV Sueddeutschland
User-agent: Mozilla Thunderbird 0.7 (Windows/20040616)

Brightmail Spamfilter 6.0 offer a possibility to manage mailsidentified as spam in a http-driven "control-center" on theBrightmail-Server via links like

http://SERVER:41080/brightmail/quarantine/viewMsgDetails.do?id=QMsgView-3;3-0

Simply altering the last numbers in the URL (3;3 to 4;4, eg.) showsother domain-users Spam-Mail without any authentication.


Confirmed with Version 6.0.0.100 and previous beta-versions.

Brightmails support is aware of the problem, but didn't bother toconfirm the problem in the 6.0 final.


Thomas Springer
--
Nach mir der Synflood.

Prev by Date: [HW-MED] XSS in Netegrity IdentityMinder
Next by Date: Re: php codes injection in phpMyAdmin version 2.5.7.
Previous by thread: [HW-MED] XSS in Netegrity IdentityMinder
Next by thread: DoS against Domino 6.5.1
Index(es):
- Date
- Thread