Re: Imail Cookie Vulnerability (unhashed)

To: Sintigan@xxxxxxxxxxxx
Subject: Re: Imail Cookie Vulnerability (unhashed)
From: Christophe Vandeplas <christophe@xxxxxxxxxxxxx>
Date: Wed, 06 Jul 2005 00:57:36 +0000
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <20050705040332.1429.qmail@xxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20050705040332.1429.qmail@xxxxxxxxxxxxxxxxx>
User-agent: Mozilla Thunderbird 1.0.2 (X11/20050703)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sintigan@xxxxxxxxxxxx wrote:
> Neither Regular or secure mode of Imail properly give out a hash on cookies 
> leaving the cookies straight readable to any onlookers.
> 
> No exploit is needed
> POC: 
> 
> "IMail_UserId
> 1006332dgd2@Someserver"
> --------------------------
> "IMail_password
> 1234"
> 
> Straight From Cookie ^^ (edited to protect user)

A vulnerability report has been send to Ipswitch on the date 8 june by
Peter Bluckens and Christophe Vandeplas.
We included a working exploit that allowed an attacker to grab the
password from a user without him noticing it.

They are currently working on a solution.

Public advisory will be released as soon as they correct the code.

Greets

- --
- -------------------------------------
Christophe 'ElCascador' Vandeplas
GSM: +32 (0)486/64.10.33
email: christophe(at)vandeplas(dot)com
http://www.vandeplas.com
GnuPG:1024D/14913897: 66BD A9EB 0357 D80F 20D4  D698 3B2B E562 1491 3897
- -------------------------------------
*** PLEASE ***
"Never send mass-mails/forward to this email address.
 Please add the email-address to the BCC field (Blind Carbon Copy)
 or send the mail separately to me."

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCyyyAOyvlYhSROJcRAsZcAJ4tctTLGnl4QmRyxNABUCQJOuDicQCglM9D
WCbZ9CRWMVqK0x8Qh/A513Q=
=LAEB
-----END PGP SIGNATURE-----

References:
- Imail Cookie Vulnerability (unhashed)
  - From: Sintigan

Prev by Date: VoIP-Phones: Weakness in proccessing SIP-Notify-Messages
Next by Date: PHPXMAIL - Authentication Bypass
Previous by thread: Imail Cookie Vulnerability (unhashed)
Next by thread: Passwords in RAM dumps [formally Novell GroupWise Plain Text Password Vulnerability.]
Index(es):
- Date
- Thread