Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Alt-N MDaemon WorldClient Predictable Session ID

🗓️ 21 Feb 2013 00:00:00Reported by Demetris PapapetrouType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 33 Views

Alt-N MDaemon WorldClient session ID vulnerability in versions 13.0.3 and prior allows session hijacking attack via predictable session IDs transmitted in the URL. Impact reduced by IP association with session IDs

Code
`======================================================================  
Alt-N MDaemon's WorldClient Predictable Session ID Vulnerability  
======================================================================  
  
Software: Alt-N MDaemon v13.0.3 and prior versions  
Vendor: http://www.altn.com/  
Vuln Type: Session ID Prediction  
Remote: Yes  
Local: No  
Discovered by: QSecure and Demetris Papapetrou  
References: http://www.qsecure.com.cy/advisories/Alt-N_MDaemon_WorldClient_Predictable_Session_ID.html  
Discovered: 25/07/2012  
Reported: 19/12/2012  
Fixed: 15/01/2013 (http://files.altn.com/MDaemon/Release/RelNotes_en.html)  
Disclosed: 18/02/2013  
  
VULNERABILITY DESCRIPTION:  
==========================  
Alt-N WorldClient is the web interface of the MDaemon email server. It  
has been identified that application session state is not maintained  
by the user's session cookie but by the URL "Session" parameter  
instead. This parameter is transmitted with every user request sent to  
the WorldClient web application and under certain circumstances future  
session IDs can be successfully predicted.  
  
The use of predictable session IDs for authentication makes  
WorldClient prone to session hijacking attacks. If the attacker can  
generate a current valid session ID then he/she may be able to access  
webmail accounts without possessing a valid username/password. The  
impact of the attack is significantly reduced because WorldClient  
associates the client's IP address with each session ID produced.  
However, certain network setups or other scenarios may exist that  
could render the IP restriction ineffective.  
  
Alt-N MDaemon v13.0.3 & v12.5.6 were tested and found vulnerable;  
other versions may also be affected.  
  
Pre-Requisites:  
---------------  
1) The attacker needs to get a current or expired session ID.  
a) Google Search: "WorldClient.dll?Session="  
b) Steal an HTTP request and observe the Referer field  
2) The MDaemon service or the machine has not been restarted since the  
captured session ID was generated (There may be a way to deal with  
this but further research is needed).  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Feb 2013 00:00Current
7.4High risk
Vulners AI Score7.4
alt-n mdaemonworldclientsession idvulnerabilitysession hijackingurl parameterpredictableauthenticationwebmailip addressexploitqsecuredemetris papapetrou
33