ArGoSoft Mail Server Web Interface Input Filtering Bug Lets Remote Users Steal E-mail Passwords - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (E-mail Server) > ArGoSoft Mail Server

Vendors: ArGo Software Design

ArGoSoft Mail Server Web Interface Input Filtering Bug Lets Remote Users Steal E-mail Passwords

SecurityTracker Alert ID: 1005367

SecurityTracker URL: http://securitytracker.com/id/1005367

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Oct 7 2002

Impact: Disclosure of authentication information, Execution of arbitrary code via network, Modification of user information, User access via network

Exploit Included: Yes

Version(s): 1.8.1.9

Description: An input validation flaw was reported in the ArGoSoft Mail Server in the web-mail interface. A remote user can conduct cross-site scripting attacks to obtain a target user's e-mail password.

It is reported that the web-mail interface of the ArGoSoft Mail Server does not properly filter HTML tags from within e-mail messages when displaying them.

A remote user can send e-mail containing HTML that, when viewed by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the ArGoSoft web-mail interface and will run in the security context of that site. As a result, the code will be able to access the target user's ArGoSoft cookies (including authentication cookies), access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user. The ArGoSoft cookies reportedly include the target user's e-mail user name and password in the following form:

mail@domain:password

Impact: A remote user can access the target user's authentication cookies that include the target user's e-mail username and password.

Solution: No solution was available at the time of this entry.

Vendor URL: www.argosoft.com/applications/mailserver/ (Links to External Site)

Cause: Input validation error

Underlying OS: Windows (NT), Windows (95), Windows (98), Windows (2000), Windows (XP)

Message History: None.

Source Message Contents

Date: Sun, 6 Oct 2002 23:05:14 -0400
Subject: ArGoSoft Web-Mail security problem


ArGoSoft Web-Mail security problem.

A vulnerability affects ArGoSoft Mail Server Pro for WinNT/2000/XP
(Version 1.8.1.9)
I did not test other versions, this is the only I have, but others should be 
vulnerable too. The problem is in the Web-Mail interface, it is posible to 
execute javascript by sending it inside a mail, ArGoSoft does not filter 
that, and you can steal the cookie from the user, the cookie has a problem 
too, it saves the username and the password in plain text, you have only to 
decode the cookie, and you have something like that:

mail@domain:password

I would desactivate de Web-Mail interface until a patch is released.


Francisco Claude
zorbas@systat.cl

P.S. Sorry for my bad english.

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC