Veracode Vulnerability Database - VERACODE:23784
History: Apr 10, 2020 - 12:36 a.m.

Information Disclosure

2020-04-10 00:36:07
sca.analysiscenter.veracode.com

EPSS: 0.005

Percentile: 75.5%

SquirrelMail is vulnerable to information disclosure. It was discovered that SquirrelMail allowed cookies over insecure connections (i.e., it did not restrict cookies to HTTPS connections). An attacker who controlled the communication channel between a user and the SquirrelMail server, or who was able to sniff the user’s network communication, could use this flaw to obtain the user’s session cookie if the user made an HTTP request to the server.
