Security Issue in Icewarp

2002-02-12T00:00:00
ID SECURITYVULNS:DOC:2480
Type securityvulns
Reporter Securityvulns
Modified 2002-02-12T00:00:00

Description

Icewarp is one the world's most used web mail software. It's another product of Merak Mail developers.

There is an seccurity issue in Icewarp.

It's like this:

When you create a new user , icewarp gives him a static number. If this user does not logout after checking his inbox you can access his inbox.

I wrote this issue to developers of Icewarp they said me to increase the timeout value. In standart installation timeout value is defaulty very large. They said they don't think to use cookie system.

Here is how to use this issue:

Let's say that our users static number is 098d0f444ec627534540ac4f02f29fh7 if the user does not signout and if you get this 098d0f444c627534540ac4f02f29fh7 you can access inbox before it times out.

http://anyicewarpusingsite.com/view.html?id=098d0f444c627534540ac4f02f29fh7

This id never changes.

How to get a users id?

You must have an email account in icewarp using host. Than you can send a mail directly to user@anyicewarpusingsite.com . Wait for the reply. If it comes his id is in links (answer,forward..)

Also we know that most users in general do not signout.

So I think that this is an important issue.

Fix: In include.html find the default value 240 and make it lower. In a support message that came from icewarps developers thay said 240 could be in minutes!!

Credits: Hьseyin Uslu, and my customer in the web host i'm working..

Notice: Hьseyin Uslu is not responsible for any usage of this security issue. Developer of this software have been informed.


 Hьseyin Uslu

Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.