[WEB SECURITY] CSRF on Novell GroupWise WebAccess allows email theft and other attacks

Adrian P. adrian.pastor at procheckup.com
Fri Jan 30 10:34:46 EST 2009


Hi folks,

I realize this is not exactly a vulnerabilities mailing list, but I 
wanted to share a real example of the kind of nasty things that can be 
done with a CSRF bug.

In this case, by forging the request that adds a new forwarding rule, a 
copy of any email sent to the victim user will be sent to the attacker's 
inbox.

A *persistent* XSS vulnerability was also identified.

The bugs affect all supported versions of Novell GroupWise, the 
third-biggest corporate email software product [1], which has a base of 
about 30 million users according to Novell.

More info:

http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-21
http://www.theregister.co.uk/2009/01/30/novell_groupwise_vulns/
http://www.scmagazineuk.com/Email-vulnerabilities-on-Novell-GroupWise-WebAccess-detected/article/126602/
http://news.zdnet.co.uk/security/0,1000000189,39607304,00.htm

Sources:

[1] 
http://www.email-standards.org/blog/entry/novell-groupwise-passes-with-flying-colors/

Regards,
ap
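As an added illustration that is not part of the post and not GroupWise code, the following models the "add forwarding rule" endpoint in two forms: one that trusts the session cookie alone (so a forged cross-site POST succeeds) and one that requires a per-session synchronizer token plus a same-origin Origin/Referer check, with a defender-side check that flags rules forwarding off-domain. The request shape, `SITE_ORIGIN`, the `Session` class and the sample addresses are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Hypothetical model of a webmail "add forwarding rule" handler (not GroupWise's).
SITE_ORIGIN = "https://webmail.example.com"   # placeholder origin of the webmail app


@dataclass
class Session:
    user: str
    rules: list = field(default_factory=list)
    # Synchronizer token: unguessable, bound to the session, never readable cross-site.
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))


def add_rule_vulnerable(session, form):
    """Relies on the session cookie only; the browser attaches it to a forged POST."""
    session.rules.append(form["forward_to"])
    return True


def same_origin(headers):
    """Compare scheme://host of Origin (or Referer as a fallback) with SITE_ORIGIN."""
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False  # fail closed when no provenance header is present
    p = urlsplit(src)
    return f"{p.scheme}://{p.netloc}" == SITE_ORIGIN


def add_rule_hardened(session, form, headers):
    """Reject the request unless the token matches and the origin is our own site."""
    token = form.get("csrf_token", "")
    if not hmac.compare_digest(token, session.csrf_token):
        return False
    if not same_origin(headers):
        return False
    session.rules.append(form["forward_to"])
    return True


def external_forwarding(session, own_domain="example.com"):
    """Detection aid: forwarding rules that send a copy of mail off-domain."""
    return [r for r in session.rules if not r.lower().endswith("@" + own_domain)]


# Constructed sample of a cross-site forged request: the form lacks the token and
# the browser sets Origin to the attacker's page, which the page itself cannot spoof.
forged_form = {"forward_to": "attacker@evil.example"}
forged_headers = {"Origin": "https://evil.example"}
```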
