Bugtraq mailing list archives
ArGoSoft Web-Mail security problem
From: Z0rbaS <zorbas () systat cl>
Date: Sun, 6 Oct 2002 23:05:14 -0400
ArGoSoft Web-Mail security problem. A vulnerability affects ArGoSoft Mail Server Pro for WinNT/2000/XP (Version 1.8.1.9) I did not test other versions, this is the only I have, but others should be vulnerable too. The problem is in the Web-Mail interface, it is posible to execute javascript by sending it inside a mail, ArGoSoft does not filter that, and you can steal the cookie from the user, the cookie has a problem too, it saves the username and the password in plain text, you have only to decode the cookie, and you have something like that: mail@domain:password I would desactivate de Web-Mail interface until a patch is released. Francisco Claude zorbas () systat cl P.S. Sorry for my bad english.
Current thread:
- ArGoSoft Web-Mail security problem Z0rbaS (Oct 07)