Bugtraq mailing list archives

Another web-based mail reader hole

From: dave () VICTIM COM (Dave Pifke)
Date: Mon, 18 Jan 1999 15:24:09 -0800


-----BEGIN PGP SIGNED MESSAGE-----

This bug has been fixed in most webmail clients for quite some time now,
but I guess some people just don't see security as a design priority.

The free, web-based mail client at www.angelfire.com passes authentication
data in the URL.  So your authentication token hapilly gets logged if
you use a proxy server or follow a link in a mail message (via the HTTP
referrer header).

Without really bothering to look deeper, it's quite likely that the web
page editor at the same site uses the same authentication token or is
susceptible to the same bug.


- --
Dave Pifke, dave () victim com



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNqPCnDuW2fOIQC3pAQHHvAP/YNBorT+DzITci/LygFmwq/2uc16Ok3rf
yyYv1YwwyAc1xVPjqE4sd74UIRTUQWX/Bsqdx0jMEo0ujJF1nPgDOx2AADAG4Gq6
06JAsNoqCQizlOQ9c4anbQE1YqwfMdFA7MAx/gKGqbagyGfd6YKSUyH8hCSHUnlr
LWNkNKwpquY=
=9boA
-----END PGP SIGNATURE-----

Current thread:

Re: Sendmail 8.8.x/8.9.x bugware, (continued)
- - Re: Sendmail 8.8.x/8.9.x bugware Michal Zalewski (Dec 12)
    - Re: Sendmail 8.8.x/8.9.x bugware Frank Louwers (Jan 18)
    - Win95/98 SMB Authentication Vulnerability (fwd) tschweik () FIDUCIA DE (Jan 18)
  - [SECURITY] ftpwatch package has major security problems Jamie Fifield (Jan 17)
  - Michal's report and sendmail-8.9.2 GvS (Jan 18)
- Re: Sendmail 8.8.x/8.9.x bugware Jens Hoffmann (Jan 16)
  - Re: Sendmail 8.8.x/8.9.x bugware Alan Brown (Jan 17)
- Re: Sendmail 8.8.x/8.9.x bugware John Mizzi (Jan 17)
  - Personal web server kiborg (Jan 17)
    - Re: Personal web server Dave Pifke (Jan 18)
    - Another web-based mail reader hole Dave Pifke (Jan 18)
    - Re: Another web-based mail reader hole Peter van Dijk (Jan 19)
  - Re: Sendmail 8.8.x/8.9.x bugware Michal Zalewski (Jan 18)
- Re: Sendmail 8.8.x/8.9.x bugware Nic Bellamy (Jan 19)
- NetBSD Security Advisory 1999-001: select(2)/accept(2) race Luke Mewburn (Jan 20)
  - Re: NetBSD Security Advisory 1999-001: select(2)/accept(2) race Alan Cox (Jan 23)
    - Mirc 5.5 'DCC Server' hole Spikeman (Jan 24)
    - Re: Mirc 5.5 'DCC Server' hole Sandro Jurado (Jan 26)
    - Re: NetBSD Security Advisory 1999-001: select(2)/accept(2) race Casper Dik (Jan 25)
    - Announcement: Wietse's FTP site has moved Wietse Venema (Jan 25)
- Keeping Solaris up-to-date: summary John RIddoch (Jan 20)

(Thread continues...)