Re: squirrelmail CSRF vulnerability



On Thu, 10 May 2007 p3rlhax@xxxxxxxxx wrote:

> IV. DETECTION
>
> The latest version of SquirrelMail, 1.4.8-4.fc6, and prior are found vulnerable.
>
> V. WORKAROUND
>
> I.  Application should check for the Referer header in every post-login request.

Referer headers can be forged via Flash, so it is not a good idea to
rely on these for security.


> II. Application should use a CSRF token which is random enough to identify every
> legitimate post-login request.

According to http://squirrelmail.org/security/issue/2006-12-02, version
1.4.8-4 is vulnerable to an XSS vulnerability, so an attacker could use the
XSS vector to grab the session token ("CSRF token") and continue the CSRF attack.

--
 - Josh
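The two controls debated in this thread, a per-session random token and a Referer check, are sketched below as an added example; this is not SquirrelMail code and not something either poster wrote. The session store, the hostname `mail.example.test` and the form/header dictionaries are constructed stand-ins. The token check is the mandatory gate and uses a constant-time comparison; the Referer check is kept only as advisory defence in depth, because, as the reply notes, the header is client-supplied and a matching value says nothing about who actually sent the request.

```python
import hmac
import secrets
from urllib.parse import urlparse


def new_session():
    """Constructed stand-in for a server-side session record.

    A fresh, unguessable CSRF token is bound to the session at login so that a
    cross-site form post, which cannot read the victim's session, cannot supply it.
    """
    return {"user": "alice", "csrf_token": secrets.token_urlsafe(32)}


def verify_csrf_token(session, submitted):
    """Synchronizer-token check for a post-login, state-changing request."""
    expected = session.get("csrf_token")
    if not expected or not isinstance(submitted, str):
        return False
    # Constant-time compare so the token cannot be recovered byte-by-byte via timing.
    return hmac.compare_digest(expected, submitted)


def referer_matches(headers, expected_host):
    """Advisory Referer check.

    Referer is set by the client (and may be absent, stripped by a proxy, or
    forged), so a match must never be the sole CSRF control; it only adds a
    small hurdle and a useful signal for logging.
    """
    referer = headers.get("Referer")
    if not referer:
        return False
    return urlparse(referer).hostname == expected_host


def authorize_post(session, form, headers, expected_host):
    """Gate for a state-changing POST: token mandatory, Referer advisory.

    Returns a short decision string so callers can log the reason.
    """
    if not verify_csrf_token(session, form.get("csrf_token")):
        return "reject: bad or missing CSRF token"
    if not referer_matches(headers, expected_host):
        # Legitimate clients sometimes omit Referer, so this is logged, not blocked.
        return "accept-with-warning: token ok, Referer missing or foreign"
    return "accept"


if __name__ == "__main__":
    # Constructed walk-through of the three outcomes.
    sess = new_session()
    good_hdrs = {"Referer": "https://mail.example.test/src/compose.php"}
    print(authorize_post(sess, {"csrf_token": sess["csrf_token"]}, good_hdrs, "mail.example.test"))
    print(authorize_post(sess, {"csrf_token": sess["csrf_token"]}, {}, "mail.example.test"))
    print(authorize_post(sess, {"csrf_token": "guess"}, good_hdrs, "mail.example.test"))
```

Note that `referer_matches` returns the same result whether the header came from the real compose page or was written by whoever crafted the request; that is exactly why the token, not the header, decides the outcome. The token in turn is only as strong as the confidentiality of the session it lives in, which is the point the reply makes about the XSS issue: patching the XSS is part of fixing the CSRF.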