[24221] in bugtraq
Security Issue in Icewarp
daemon@ATHENA.MIT.EDU (Huseyin Uslu)
Sat Feb 9 16:18:55 2002
From: "Huseyin Uslu" <raistlinthewiz@hotmail.com>
To: bugtraq@securityfocus.com
Date: Sat, 09 Feb 2002 19:46:42 +0200
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <F84FMjLQZwbVcxjXHzf00000049@hotmail.com>
Icewarp is one the world's most used web mail software.
It's another product of Merak Mail developers.
There is an seccurity issue in Icewarp.
It's like this:
When you create a new user , icewarp gives him a static number.
If this user does not logout after checking his inbox you can
access his inbox.
I wrote this issue to developers of Icewarp they said me to
increase the timeout value. In standart installation timeout value is
defaulty very large.
They said they don't think to use cookie system.
Here is how to use this issue:
Let's say that our users static number is 098d0f444ec627534540ac4f02f29fh7
if the user does not signout and if you get this
098d0f444c627534540ac4f02f29fh7
you can access inbox before it times out.
http://anyicewarpusingsite.com/view.html?id=098d0f444c627534540ac4f02f29fh7
This id never changes.
How to get a users id?
----------------------
You must have an email account in icewarp using host. Than you can send a
mail directly to user@anyicewarpusingsite.com . Wait for the reply.
If it comes his id is in links (answer,forward..)
Also we know that most users in general do not signout.
So I think that this is an important issue.
Fix:
In include.html find the default value 240 and make it lower. In a support
message that came from icewarps developers thay said 240 could be in
minutes!!
Credits:
Hüseyin Uslu,
and my customer in the web host i'm working..
Notice:
Hüseyin Uslu is not responsible for any usage of this security issue.
Developer of this software have been informed.
-------------------------
Hüseyin Uslu
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.
