vulnerability announce CVE-2007-3796
MailMarshal: password retrieval
Synthesis of the vulnerability
An attacker can use a special query in order to force MailMarshal to send password of Spam Quarantine interface.Impacted products:
Description of the vulnerability
To access the web interface of MailMarshal Spam Quarantine, a login (an email address) and its password are required. If user loose his password, the /SpamConsole/Register.aspx form can send it back.
This form sends information to the indicated email address. However, if this address is long, it is truncated. For example, if attacker enters the following address:
email@example.com _spaces_ ; firstname.lastname@example.org
the database only compares (to ensure it is in the database):
but the script sends the mail to:
email@example.com ; firstname.lastname@example.org
Attacker thus also receives the email containing the password.
An attacker knowing user's email address can therefore obtain his password.Complete Vigil@nce bulletin....
Share this bulletin
Computer vulnerabilities tracking service
Vigil@nce provides a system vulnerability bulletin
. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. The technology watch team tracks security threats targeting the computer system. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.