| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <42CB2C80.5040303@vandeplas.com> Date: Wed, 06 Jul 2005 00:57:36 +0000 From: Christophe Vandeplas <christophe@...deplas.com> To: Sintigan@...ecure.net Cc: bugtraq@...urityfocus.com Subject: Re: Imail Cookie Vulnerability (unhashed) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sintigan@...ecure.net wrote: > Neither Regular or secure mode of Imail properly give out a hash on cookies leaving the cookies straight readable to any onlookers. > > No exploit is needed > POC: > > "IMail_UserId > 1006332dgd2@...eserver" > -------------------------- > "IMail_password > 1234" > > Straight From Cookie ^^ (edited to protect user) A vulnerability report has been send to Ipswitch on the date 8 june by Peter Bluckens and Christophe Vandeplas. We included a working exploit that allowed an attacker to grab the password from a user without him noticing it. They are currently working on a solution. Public advisory will be released as soon as they correct the code. Greets - -- - ------------------------------------- Christophe 'ElCascador' Vandeplas GSM: +32 (0)486/64.10.33 email: christophe(at)vandeplas(dot)com http://www.vandeplas.com GnuPG:1024D/14913897: 66BD A9EB 0357 D80F 20D4 D698 3B2B E562 1491 3897 - ------------------------------------- *** PLEASE *** "Never send mass-mails/forward to this email address. Please add the email-address to the BCC field (Blind Carbon Copy) or send the mail separately to me." -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFCyyyAOyvlYhSROJcRAsZcAJ4tctTLGnl4QmRyxNABUCQJOuDicQCglM9D WCbZ9CRWMVqK0x8Qh/A513Q= =LAEB -----END PGP SIGNATURE-----
Powered by blists - more mailing lists