MailWorks Pro Cookie Modification Privilege Escalation

2004-09-02T21:23:00
ID OSVDB:9559
Type osvdb
Reporter Paul Craig(headpimp@pimp-industries.com)
Modified 2004-09-02T21:23:00

Description

Vulnerability Description

MailWorks Professional contains a flaw related to Authentication using Cookies that allow an attacker to return values permitting Administrator access to the site. No further details have been provided.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, SiteCubed has released a patch to address this vulnerability.

Short Description

MailWorks Professional contains a flaw related to Authentication using Cookies that allow an attacker to return values permitting Administrator access to the site. No further details have been provided.

References:

Vendor URL: http://www.mailworkspro.com/ Security Tracker: 1011145 Secunia Advisory ID:12458 Packet Storm: http://packetstormsecurity.nl/0409-exploits/MailWorks.txt Mail List Post: http://www.securityfocus.com/archive/1/373960/2004-09-02/2004-09-08/0 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0020.html ISS X-Force ID: 17217 CVE-2004-1661 Bugtraq ID: 11095