lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4D0A5298.7080400@procheckup.com>
Date: Thu, 16 Dec 2010 17:55:36 +0000
From: research <research@...checkup.com>
To: <vuln@...unia.com>, <full-disclosure@...ts.grok.org.uk>,
	<bugtraq@...urityfocus.com>, <news@...uriteam.com>
Subject: PR10-06: Cross-domain redirect on PGP Universal Web Messenger

http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-06


PR10-06 Cross-domain redirect on PGP Universal Web Messenger
Advisory publicly released: Thursday, 16 December 2010
Vulnerability found: Wednesday, 10 February 2010
Vendor informed: Wednesday, 10 February 2010
Vulnerability fixed: Tuesday, 14 December 2010
Severity level: Medium/High
Credits
Jan Fry of ProCheckUp Ltd (www.procheckup.com).
Description
A remote URI redirection vulnerability affects the PGP Universal Web
Messenger. This issue is due to a failure of the application to properly
sanitize URI-supplied data assigned to the 'retryURL' parameter.

An attacker may leverage this issue to carry out convincing phishing
attacks against unsuspecting users by causing an arbitrary page to be
loaded once a PGP Universal Web Messenger specially-crafted URL is visited.

Vulnerable server-side script: '/b/lnj.e?'

Unfiltered parameter: 'retryURL'
Proof of concept
Example of specially-crafted URL:

https://target-domain.foo/b/lnj.e?retryURL=//www.procheckup.com

Consequences:

Victim users can be redirected to third-party sites for the purpose of
exploiting browser vulnerabilities or performing phishing attacks.
How to fix
The vendor has stated that this issue was addressed in the PGP Universal
Web Messenger.
References


Legal
Copyright 2010 Procheckup Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the
Internet community
for the purpose of alerting them to problems, if and only if, the
Bulletin is not edited
or changed in any way, is attributed to Procheckup, and provided such
reproduction and/or
distribution is performed for non-commercial purposes.


Any other use of this information is prohibited. Procheckup is not
liable for any misuse of this information by any third party.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ