[9113] in bugtraq
Another web-based mail reader hole
daemon@ATHENA.MIT.EDU (Dave Pifke)
Tue Jan 19 12:47:42 1999
Date: Mon, 18 Jan 1999 15:24:09 -0800
Reply-To: Dave Pifke <dave@VICTIM.COM>
From: Dave Pifke <dave@VICTIM.COM>
To: BUGTRAQ@NETSPACE.ORG
-----BEGIN PGP SIGNED MESSAGE-----
This bug has been fixed in most webmail clients for quite some time now,
but I guess some people just don't see security as a design priority.
The free, web-based mail client at www.angelfire.com passes authentication
data in the URL. So your authentication token hapilly gets logged if
you use a proxy server or follow a link in a mail message (via the HTTP
referrer header).
Without really bothering to look deeper, it's quite likely that the web
page editor at the same site uses the same authentication token or is
susceptible to the same bug.
- --
Dave Pifke, dave@victim.com
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBNqPCnDuW2fOIQC3pAQHHvAP/YNBorT+DzITci/LygFmwq/2uc16Ok3rf
yyYv1YwwyAc1xVPjqE4sd74UIRTUQWX/Bsqdx0jMEo0ujJF1nPgDOx2AADAG4Gq6
06JAsNoqCQizlOQ9c4anbQE1YqwfMdFA7MAx/gKGqbagyGfd6YKSUyH8hCSHUnlr
LWNkNKwpquY=
=9boA
-----END PGP SIGNATURE-----
