Re: PHPXMAIL - Authentication Bypass

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: PHPXMAIL - Authentication Bypass
From: security@xxxxxxxxxxxx
Date: Wed, 6 Jul 2005 14:04:10 -0600
Cc: Steve <steve01@xxxxxxxxx>
In-reply-to: <op.sth6tcfgwosoee@xxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <op.sth6tcfgwosoee@xxxxxxxxxxx>
User-agent: KMail/1.8.1

Hi Steve

On Wednesday 06 July 2005 11:57, Steve <St> wrote:
> Author:       Stefan Lochbihler
> Date:         6. Juli 2005
> Affected      Software: PHPXMAIL
> Software      Version: 0.7 -> 1.1
> Software      URL: http://phpxmail.sourceforge.net/
> Attack:       Authentication Bypass

[...details snipped...]

> The problem occurs when we try to log in with an overlong password 
> because we get no response message from the server and the function dont
> exit.
>
> Now when we login with a username like postmaster@localhost and an
> overlong password
> we bypass the error handler and successfully log in.

[...]

> Solution: Maybe insert a maxsize tag to the passwords input field.
>
>
>
> Discovered by Steve

Erm... a maxsize tag will not prevent the attack at all.

J

-- 
There is no such thing as fortune.  Try again.

References:
- PHPXMAIL - Authentication Bypass
  - From: Steve

Prev by Date: Re: McAfee Intrushield IPS Abuse
Next by Date: Re: /dev/random is probably not
Previous by thread: PHPXMAIL - Authentication Bypass
Next by thread: Solaris Socket Hijack
Index(es):
- Date
- Thread