For those that use SqWebMail...this came across BugTraq.

Date: Tue, 18 Nov 2003 02:18:04 +0100 (CET)
From: Vincenzo Ciaglia <[EMAIL PROTECTED]>
Subject: PCL-0002: Session Hijacking in "Sqwebmail"


PCL-0002: Session Hijacking in "Sqwebmail"

PuCCiOLAB.ORG Security Advisories                    [EMAIL PROTECTED]                             Vincenzo Ciaglia
November 18th, 2003

Package        : Sqwebmail
Vendor         : Inter7
Vulnerability  : access to private account without login, session
Problem-Type   : remote
risk           : low
Version        : All the version seems to be affected.
Official Site  :
N Advisories  : 0002

About Sqwebmail
SqWebMail is a web CGI client for sending and receiving E-mail using
Maildir mailboxes. SqWebMail DOES NOT support
traditional Mailbox files, only Maildirs. This is the same webmail server
that's included in the Courier mail server,
but packaged independently. If you already have Courier installed, you do
not need to download this version.

Proof of concepts
An attacker could send an email to a victim who used SQWEBMAIL, to get the
victim to visit a website, which then logs all
available information about the victim's system.


In this example, the victim has visualized our website reading the mail that we have sent to him. Visiting the link is been marked from our counter. Now we will be able to access to the victim's mail page admin and will be able to read and to send, calmly, its email without make login. The session comes sluice after approximately 20/30 minutes and the attacker has the time to make its comfortable ones.

What could make a attacker?
Read, write and fake your e-mail. Could send , from you email address, a
mail to your ISP and ask it User e PASS of your
website. The consequences would be catastrophic.

What I can do ?
Actually seems that there isn't a patch for this problem.

Suggestion to SQWEBMAIL
It would have to reduce the time for the closing of the sessions.

Vincenzo Ciaglia

Reply via email to