lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <CAAtZkjT-tFzcxmdO1aTEp6-4bN9TGEgkhdix9oy6V_AF9B0+iw@mail.gmail.com>
Date: Thu, 9 Apr 2015 13:27:22 +0200
From: Cristiano Maruti <cmaruti@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] Network Solutions Webmail - A tale about chained web
	vulnerabilities

===============================================================================
                  title: Network Solutions Webmail - A tale about
chained web vulnerabilities
                case id: CM-2015-01
                product: Network Solutions Webmail
     vulnerability type: Multiple
               severity: Low to High
                  found: 2015-01-16
                     by: Cristiano Maruti (@cmaruti)
===============================================================================

[EXECUTIVE SUMMARY]

While reviewing the Network Solutions webmail, I identified various security
issues ranging from low to high severity. Some of them, chained together, could
allow an attacker to arbitrary change the password of any e-mail accounts
hosted on the service provider. All things considered – the volume of customers
managed by the company and the kind of data affected by vulnerabilities –
customer's data is put at risk and these issues must be addressed immediately.
Below a summary of the key findings:
- Weak password change mechanism
- Password complexity requirement not enforced
- Ability to reset a mailbox password to an arbitrary value
- Ability to enumerate and identify valid mailbox ID and corresponding e-mail
  address
- Improper input validation (reflected XSS)
- End-user forced to execute unwanted action (CSRF)

[TECHNICAL DETAILS]

The full report with technical details about the vulnerabilities I have
identified is available at:
https://github.com/cmaruti/reports/blob/master/netsol_web_mail.pdf

[DISCLOSURE TIMELINE]

2015-01-21 Report submitted to vendor via e-mail (point of contact is
the manager of abuse and fraud.
2015-01-22 Vendor requested more info about the vulnerabilities.
2015-01-23 Vendor triaged the vulnerabilities and the new point of
contact is the VP of Security
                 Engineering & CSO
2015-02-26 Vendor fixed the vulnerabilities reported.
2015-04-09 Public disclosure

[SOLUTION]

Vendor addressed the vulnerabilities reported.

[REPORT URL]

https://github.com/cmaruti/reports/blob/master/netsol_web_mail.pdf

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ