Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormRichard O'DonnellPACKETSTORM:125235
HistoryFeb 15, 2014 - 12:00 a.m.

Symantec PGP Universal Web Messenger Unauthorized Access

2014-02-1500:00:00
Richard O'Donnell
packetstormsecurity.com
35

EPSS

0.002

Percentile

61.5%

JSON
`Vulnerability title: Unauthorised Access To Other Users Email Messages  
in Symantec PGP Universal Web Messenger  
CVE: CVE-2014-1643  
Vendor: Symantec  
Product: PGP Universal Web Messenger  
Affected version: All Prior to 3.3.2  
Fixed version: 3.3.2  
Reported by: Richard O'Donnell  
  
Details:  
  
Authenticated Web Messenger users are able to view other users email  
messages, by following these steps:  
  
  
1) Log into the Web Messenger console  
2) View the list of sent emails  
3) Click on any of the sent emails  
4) Click on the `Print' option and then copy the URL from the page that  
appears.  
  
  
The URL will look similar to this:  
  
https://x.x.x.x/b/ps.e?sid=BoomerangMail:72e56j3a-a3r6-5d43-6ef4-aae9c23422ca&showScrollbars=true&dialogId=SentPrintableView1747635619&OWASP_CSRFTOKEN=M22N-J4L3-R3T2-P1AZ-TP1Q-TEFG-IUGH-N6EF  
  
  
5) Using this URL, brute-force the following part of the `sid' parameter:  
  
72e56j3a-a3r6-5d43-6ef4-aae9c23422ca  
  
  
6) Upon identifying a valid value, access to the corresponding email  
message will be obtained.  
  
  
Although there is a risk of obtaining unauthorised access to another  
users email, the likelihood of successfully brute-forcing a correct  
`sid' value is considered low, due to its complexity.  
  
  
It is also noted that encryption of messages was not enabled when this  
issue was identified and no additional testing was performed with this  
option enabled.  
  
  
Further details at:  
http://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1643/  
  
  
Copyright:  
Copyright (c) Portcullis Computer Security Limited 2014, All rights  
reserved worldwide. Permission is hereby granted for the electronic  
redistribution of this information. It is not to be edited or altered in  
any way without the express written consent of Portcullis Computer  
Security Limited.  
  
Disclaimer:  
The information herein contained may change without notice. Use of this  
information constitutes acceptance for use in an AS IS condition. There  
are NO warranties, implied or otherwise, with regard to this information  
or its use. Any use of this information is at the user's risk. In no  
event shall the author/distributor (Portcullis Computer Security  
Limited) be held liable for any damages whatsoever arising out of or in  
connection with the use or spread of this information.  
`

Related

cve 1
prion 1
symantec 1
nvd 1
cvelist 1
nessus 1
cve
cve
CVE-2014-1643
2014-02-07 04:52:04
prion
prion
Code injection
2014-02-07 04:52:00
symantec
symantec
Symantec Encryption Management Server Web Email Protection View User’s Email
2014-02-05 08:00:00
nvd
nvd
CVE-2014-1643
2014-02-07 04:52:04
cvelist
cvelist
CVE-2014-1643
2014-02-07 02:00:00
nessus
nessus
Symantec Encryption Management Server < 3.3.2 Information Disclosure
2014-02-14 00:00:00

EPSS

0.002

Percentile

61.5%

JSON
Related for PACKETSTORM:125235
cve1prion1symantec1nvd1cvelist1nessus1