Full Disclosure mailing list archives
Network Solutions Webmail - A tale about chained web vulnerabilities
From: Cristiano Maruti <cmaruti () gmail com>
Date: Thu, 9 Apr 2015 13:27:22 +0200
=============================================================================== title: Network Solutions Webmail - A tale about chained web vulnerabilities case id: CM-2015-01 product: Network Solutions Webmail vulnerability type: Multiple severity: Low to High found: 2015-01-16 by: Cristiano Maruti (@cmaruti) =============================================================================== [EXECUTIVE SUMMARY] While reviewing the Network Solutions webmail, I identified various security issues ranging from low to high severity. Some of them, chained together, could allow an attacker to arbitrary change the password of any e-mail accounts hosted on the service provider. All things considered – the volume of customers managed by the company and the kind of data affected by vulnerabilities – customer's data is put at risk and these issues must be addressed immediately. Below a summary of the key findings: - Weak password change mechanism - Password complexity requirement not enforced - Ability to reset a mailbox password to an arbitrary value - Ability to enumerate and identify valid mailbox ID and corresponding e-mail address - Improper input validation (reflected XSS) - End-user forced to execute unwanted action (CSRF) [TECHNICAL DETAILS] The full report with technical details about the vulnerabilities I have identified is available at: https://github.com/cmaruti/reports/blob/master/netsol_web_mail.pdf [DISCLOSURE TIMELINE] 2015-01-21 Report submitted to vendor via e-mail (point of contact is the manager of abuse and fraud. 2015-01-22 Vendor requested more info about the vulnerabilities. 2015-01-23 Vendor triaged the vulnerabilities and the new point of contact is the VP of Security Engineering & CSO 2015-02-26 Vendor fixed the vulnerabilities reported. 2015-04-09 Public disclosure [SOLUTION] Vendor addressed the vulnerabilities reported. [REPORT URL] https://github.com/cmaruti/reports/blob/master/netsol_web_mail.pdf _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Network Solutions Webmail - A tale about chained web vulnerabilities Cristiano Maruti (Apr 09)