Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

eGroupWare_infoleak.txt

🗓️ 18 Apr 2005 00:00:00Reported by Gerald QuakenbushType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 20 Views

The eGroupWare open-source software has a flaw that could expose confidential information by unintentionally sending attachments in emails

Show more

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
`MasterMind Security Group, Inc.  
Security Brief  
  
Date: April 7, 2005  
Contact: Gerald Quakenbush <geraldq AT mastermindsecuritygroup.com>  
Severity: Moderate to Serious  
Product: Confirmed in eGroupWare 1.001 and 1.006  
  
Synopsis  
========  
The eGroupWare open-source software (www.egroupware.org) has a flaw that could  
expose confidential information.  
  
The eGroupWare suite provides many applications via a web interface. One such  
application is for email. A flaw in this application could result in the  
unwitting disclosure of files.  
  
If a user composes a message and attaches a file, then decides not to send the  
message, the attachment will get sent to the next person the user emails.  
There is no indication in the message window that the file from the previous  
message is still attached, unless the user clicks on the button to attach a  
file to the second message.  
  
Mitigation  
==========  
Until a patch is issued to resolve the problem, be aware of this issue. If you  
attach a file to a message and then decide not to send it, logout of  
eGroupWare then log back on before sending any new messages.  
  
Walk Through  
============  
  
Login to eGroupWare using an account that has email configured.  
  
Step 1. After logging in, select the email icon on the tool bar.  
  
Step 2. Click the Compose button to create a new message and attach a file. Do  
NOT click Send.  
  
Step 3. Without sending the message, return to the inbox. You can click the  
inbox link on the left of the email icon on the toolbar.  
  
Step 4. You are now back at the main inbox screen. Click on the Compose link  
again.  
  
Step 5. Enter an email address (a personal account or one of a trusted friend,  
preferably), a subject and brief message if you like and click Send.  
  
Step 6. Now check the email for the account you sent the message to above. The  
attachment from the canceled message in step 2 will be attached.  
  
-Quake  
  
--   
------------------------------------  
Gerald Quakenbush, CISSP, NSA-IAM  
MasterMind Security Group, Inc.  
888.295.6012 x701  
http://www.mastermindsecuritygroup.com  
  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
18 Apr 2005 00:00Current
7.4High risk
Vulners AI Score7.4
egroupwareinformation disclosureemail attachment issueweb interfacesecurity flawmitigationpatchwalk through
20
.json
Report