Session hijacking in Alt-N's MDaemon 2.8

2000-08-10T00:00:00
ID SECURITYVULNS:DOC:531
Type securityvulns
Reporter Securityvulns
Modified 2000-08-10T00:00:00

Description

Hi,

Here's a bugreport and a fix for MDaemon 2.8.

Problem:

It is possible to hijack an HTTP session from MDaemon / WorldClient Standard version 2.8

Description:

MDaemon 2.8 comes with WorldClient Standard, which allows you to read your mail using a browser. When you receive an HTML-formatted message and click on a link in it, WorldClient's session ID is sent in the Referer header of the HTTP request to the linked site. This ID can then be used to open the user's mailbox from any other location.
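An added check for the leak described above (example code, not part of the original report or of MDaemon): given the URL of a webmail page and the HTML of the message it displays, it lists the external links whose click would carry the session-bearing page URL to a third party in the Referer header, and applies a mitigation. The query parameter name `Session`, the hostnames and the sample HTML mail are constructed assumptions; the real WorldClient parameter name is not given in the report.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Parameter names treated as session identifiers (assumption: a guess list,
# the report does not name WorldClient's actual parameter).
SESSION_PARAMS = {"session", "sessionid", "sid"}

def session_param_in_url(url):
    """Return the name of a session-bearing query parameter in url, or None."""
    for name in parse_qs(urlparse(url).query):
        if name.lower() in SESSION_PARAMS:
            return name
    return None

class _LinkCollector(HTMLParser):
    """Collect href values of <a> tags in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def leaking_links(page_url, html):
    """External links that, when clicked from page_url, would send page_url
    (including its session parameter) to another host in the Referer header."""
    if session_param_in_url(page_url) is None:
        return []
    own_host = urlparse(page_url).hostname
    collector = _LinkCollector()
    collector.feed(html)
    return [h for h in collector.hrefs
            if urlparse(h).scheme in ("http", "https")
            and urlparse(h).hostname not in (None, own_host)]

def add_no_referrer(html):
    """Mitigation: tell the browser to send no Referer from this page at all
    (a <meta name="referrer"> tag; honoured by modern browsers, not 2000-era ones)."""
    if re.search(r'<meta\s+name=["\']referrer["\']', html, re.I):
        return html
    tag = '<meta name="referrer" content="no-referrer">'
    if re.search(r"<head[^>]*>", html, re.I):
        return re.sub(r"(<head[^>]*>)", r"\1" + tag, html, count=1, flags=re.I)
    return tag + html

# Constructed sample: webmail page whose URL carries the session ID, showing an
# HTML mail with one external link (leaks) and one internal link (does not).
PAGE_URL = "http://mail.example.org/WorldClient.cgi?Session=ABC123&View=Message"
HTML_MAIL = ('<html><head><title>mail</title></head><body>'
             '<a href="http://third-party.example.net/promo">click</a> '
             '<a href="WorldClient.cgi?Session=ABC123&View=List">inbox</a>'
             '</body></html>')
```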

Vendor status:

Vendor contacted; a fix was released one day after the problem was reported (compliments to Alt-N!).

Solution:

Download the fix for MDaemon 2.8 and upgrade to 2.8.7.5. You will need MDaemon version 2.8.5.0 to install this fix.

ftp://ftp.altn.com/MDaemon/Archive/2.8/md2875patchNT.exe - NT version
ftp://ftp.altn.com/MDaemon/Archive/2.8/md2875patch9X.exe - 9X version

Note:

Users of MDaemon version 3 should also upgrade to the latest version as this problem also existed in MDaemon 3. It was fixed a few months ago.

Jeroen Schipper

--
:: http://www.let.uu.nl/~Jeroen.Schipper, Network Administrator
:: Utrecht University, Center for Information Technology and Multimedia
:: Office: KNG80, k2.09 / Phone/fax: +31(30) 253 6031 / 9191
