Home page logo

bugtraq logo Bugtraq mailing list archives

ArGoSoft Web-Mail security problem
From: Z0rbaS <zorbas () systat cl>
Date: Sun, 6 Oct 2002 23:05:14 -0400

ArGoSoft Web-Mail security problem.

A vulnerability affects ArGoSoft Mail Server Pro for WinNT/2000/XP
I did not test other versions, this is the only I have, but others should be 
vulnerable too. The problem is in the Web-Mail interface, it is posible to 
execute javascript by sending it inside a mail, ArGoSoft does not filter 
that, and you can steal the cookie from the user, the cookie has a problem 
too, it saves the username and the password in plain text, you have only to 
decode the cookie, and you have something like that:

mail () domain:password

I would desactivate de Web-Mail interface until a patch is released.

Francisco Claude
zorbas () systat cl

P.S. Sorry for my bad english.

  By Date           By Thread  

Current thread:
  • ArGoSoft Web-Mail security problem Z0rbaS (Oct 07)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]