| VSNL POP E-mail Client Discloses Account Authentication Information Via the Referer Field |
|---|
Category: Vulnerability | Posted: 2003-09-15 by ReCall
| Details |
|---|
Description: A vulnerability was reported in the VSNL POP e-mail client. A remote user can gain access to a target user's webmail account in certain cases.
It is reported that the software stores session authentication information in the URL. A remote user who can monitor the network can capture the URL and then access the target user's account. Also, when the target user clicks a web server link contained within an e-mail message, the Referer field (containing the session ID) is provided to the destination web server. A remote user with access to that web server's log files can obtain the Referer field and then access the target user's account.
It is also reported that the session ID is only six digits. A remote user may be able to guess the session ID by brute force.
Impact: A remote user may be able to capture a target user's URL-based session ID and access the target user's account.
Solution: No solution was available at the time of this entry. |
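
The following is an added example, not code from the advisory or the vendor: a Python filter that a web server operator can run over access logs to mask session identifiers arriving in Referer URLs, with a token generator for contrast with the six-digit ID. The query parameter names, hostnames and log lines are assumptions constructed for illustration; the advisory does not name the parameter the webmail client used.

```python
import re
import secrets
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed parameter names; the advisory does not say which one carried the ID.
SESSION_PARAMS = {"sid", "sessionid", "session_id", "session"}

# Combined Log Format: ... "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<head>.*?"[^"]*" \d{3} \S+ ")(?P<referer>[^"]*)(?P<tail>".*)$')

def redact_url(url):
    """Return (clean_url, leaked) with session-like query values masked."""
    parts = urlsplit(url)
    leaked, pairs = False, []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SESSION_PARAMS and value:
            value, leaked = "REDACTED", True
        pairs.append((key, value))
    return urlunsplit(parts._replace(query=urlencode(pairs))), leaked

def redact_log_line(line):
    """Mask session IDs in the Referer field of one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return line, False  # not in the expected format: leave untouched
    clean, leaked = redact_url(m.group("referer"))
    return m.group("head") + clean + m.group("tail"), leaked

def new_session_token():
    """128-bit token from the OS CSPRNG, meant for a cookie rather than the URL.
    Six decimal digits give only 10**6 possible values (about 20 bits)."""
    return secrets.token_urlsafe(16)

# Constructed sample lines; hosts, addresses and IDs are made up.
SAMPLE = [
    '192.0.2.10 - - [15/Sep/2003:10:00:00 +0000] "GET /promo HTTP/1.0" 200 512 '
    '"http://webmail.example/inbox?sid=482913&msg=7" "Mozilla/4.0"',
    '192.0.2.11 - - [15/Sep/2003:10:00:05 +0000] "GET /promo HTTP/1.0" 200 512 '
    '"http://news.example/story?id=42" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for line in SAMPLE:
        clean, leaked = redact_log_line(line)
        print("LEAK" if leaked else "ok  ", clean)
```

Redacting logs only limits exposure on the receiving server; the session ID still crosses the network in the URL and the Referer header until the application moves it out of the URL.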