[39467] in bugtraq
Re: PHPXMAIL - Authentication Bypass
daemon@ATHENA.MIT.EDU (security@surefoot.com)
Wed Jul 6 21:16:17 2005
From: security@surefoot.com
To: bugtraq@securityfocus.com
Date: Wed, 6 Jul 2005 14:04:10 -0600
Cc: Steve <steve01@chello.at>
In-Reply-To: <op.sth6tcfgwosoee@www.xion.at>
Message-Id: <200507061404.11649.security@surefoot.com>
Hi Steve
On Wednesday 06 July 2005 11:57, Steve <St> wrote:
> Author: Stefan Lochbihler
> Date: 6 July 2005
> Affected Software: PHPXMAIL
> Software Version: 0.7 -> 1.1
> Software URL: http://phpxmail.sourceforge.net/
> Attack: Authentication Bypass
[...details snipped...]
> The problem occurs when we try to log in with an overlong password
> because we get no response message from the server and the function doesn't
> exit.
>
> Now when we log in with a username like postmaster@localhost and an
> overlong password
> we bypass the error handler and successfully log in.
[...]
> Solution: Maybe insert a maxsize tag to the password input field.
>
>
>
> Discovered by Steve
Erm... a maxsize tag will not prevent the attack at all.
J
--
There is no such thing as fortune. Try again.
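
The point made in the reply above, as an added illustration that is not part of the thread and is not PHPXMAIL code: a login check that only reacts to an explicit error treats a silent backend as success, while a server-side check that demands an explicit success line does not. The function names, the `+`/`-` response prefixes, the sample lines and the 128-byte limit are assumptions made for this example.

```php
<?php
// Constructed illustration; not PHPXMAIL source. The response format
// ("+..." success, "-..." error) and the length limit are assumptions.

const MAX_PASSWORD_BYTES = 128; // hypothetical server-side limit

/** Fail-open: only an explicit error line rejects the login. */
function login_fail_open($response): bool
{
    if (is_string($response) && strncmp($response, '-', 1) === 0) {
        return false;   // the error handler runs only when an error arrives
    }
    return true;        // no reply (false or '') falls through as success
}

/** Fail-closed: only an explicit success line accepts the login. */
function login_fail_closed(string $password, $response): bool
{
    // Enforced on the server: a length attribute on the HTML input is
    // advisory and is not applied to requests built outside the form.
    if ($password === '' || strlen($password) > MAX_PASSWORD_BYTES) {
        return false;
    }
    if (!is_string($response) || strncmp($response, '+', 1) !== 0) {
        return false;   // no reply, timeout, or anything unexpected
    }
    return true;
}

// Constructed samples: [password, line read from the backend (false = no reply)]
$cases = [
    'correct password'  => ['s3cret', "+00000 OK\r\n"],
    'wrong password'    => ['nope', "-00024 error\r\n"],
    'overlong, silence' => [str_repeat('A', 5000), false],
];

foreach ($cases as $label => [$password, $response]) {
    printf("%-18s fail-open=%-5s fail-closed=%s\n", $label,
        var_export(login_fail_open($response), true),
        var_export(login_fail_closed($password, $response), true));
}
```

Only the third case differs between the two functions: the fail-open check accepts the silent reply, the fail-closed check rejects it.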