ftgatepro.txt

`  
TITLE:  
FTGatePro Exposure of Sensitive Information  
  
SECUNIA ADVISORY ID:  
SA9719  
  
VERIFY ADVISORY:  
http://www.secunia.com/advisories/9719/  
  
CRITICAL:  
Less critical  
  
IMPACT:  
Exposure of sensitive information  
  
WHERE:  
From remote  
  
SOFTWARE:  
FTGatePro Mail Server 1.x  
  
DESCRIPTION:  
Two vulnerabilities have been identified in FTGatePro allowing  
malicious users to access sensitive information.  
  
1) It is possible for malicious users to see the configuration for  
FTGatePro. This may be done by making a HTTP request for  
"/tools/ftgatedump.fts?command=1" from the web admin interface.  
  
2) It is possible for a malicious user with access to FTGatepro and  
the local system to see all usernames and passwords. This may be done  
by making a HTTP request for "/tools/exportmbx.fts", a local file  
containing the information will then be created.  
  
This has been reported to affect version 1.2 build 1331.  
  
SOLUTION:  
Reportedly, the vulnerabilities have been fixed in version 1.2 build  
1335.  
  
Only allow trusted users to access FTGatePro and the local system.  
  
REPORTED BY / CREDITS:  
Phuong Nguyen  
  
----------------------------------------------------------------------  
  
Secunia recommends that you verify all advisories you receive, by  
clicking the link.  
Secunia NEVER sends attached files with advisories.  
Secunia does not advise people to install third party patches, only  
use those supplied by the vendor.  
  
Contact details:  
Web : http://www.secunia.com/  
E-mail : [email protected]  
Tel : +45 7020 5144  
Fax : +45 7020 5145  
  
----------------------------------------------------------------------  
  
`