[WEB SECURITY] CSRF on Novell GroupWise WebAccess allows email theft and other attacks
Adrian P.
adrian.pastor at procheckup.com
Fri Jan 30 10:34:46 EST 2009
Hi folks,
I realize this is not exactly a vulnerabilities mailing list, but I
wanted to share a real example of the kind of nasty things that can be
done with a CSRF bug.
In this case, by forging the request that adds a new forwarding rule, a
copy of any email sent to the victim user will be sent to the attacker's
inbox.
A *persistent* XSS vulnerability was also identified.
The bugs affect all supported versions of Novell GroupWise, the
third-biggest corporate email software product [1], which has a base of
about 30 million users according to Novell.
More info:
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-21
http://www.theregister.co.uk/2009/01/30/novell_groupwise_vulns/
http://www.scmagazineuk.com/Email-vulnerabilities-on-Novell-GroupWise-WebAccess-detected/article/126602/
http://news.zdnet.co.uk/security/0,1000000189,39607304,00.htm
Sources:
[1]
http://www.email-standards.org/blog/entry/novell-groupwise-passes-with-flying-colors/
Regards,
ap
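The attack in the post works because the "add forwarding rule" request carries no proof that it came from the webmail application itself. The following is an added example, not code from GroupWise or from the original post, of the server-side checks a webmail backend can apply to that request: a per-session synchronizer token, an Origin/Referer check, and flagging of rules that forward to an external domain. `SITE_ORIGIN`, `INTERNAL_DOMAINS`, the form field names and the in-memory `session` dict are all assumptions for illustration.

```python
# Added example (not GroupWise code): defensive checks for a "add forwarding rule" request.
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://webmail.example.com"   # assumed deployment origin
INTERNAL_DOMAINS = {"example.com"}            # assumed: destinations considered in-house


def issue_csrf_token(session: dict) -> str:
    """Bind a fresh random token to the server-side session; the form must echo it back."""
    session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def _same_origin(headers: dict) -> bool:
    # A cross-site form post carries the attacker's page as Origin/Referer (or none at all);
    # the browser does not let that page forge these headers to look like ours.
    origin = headers.get("Origin") or headers.get("Referer")
    if not origin:
        return False
    parts = urlsplit(origin)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def add_forwarding_rule(session: dict, headers: dict, form: dict) -> dict:
    """Validate a rule-add request; returns a verdict instead of touching real mailbox state."""
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    # Constant-time compare: a forged request has no way to learn the session's token.
    if not expected or not hmac.compare_digest(expected, supplied):
        return {"ok": False, "reason": "csrf_token_mismatch"}
    if not _same_origin(headers):
        return {"ok": False, "reason": "cross_site_origin"}
    dest = form.get("forward_to", "")
    domain = dest.rpartition("@")[2].lower()
    # A rule that copies mail to an outside mailbox is exactly what the attack creates,
    # so surface it for audit/alerting even when the request itself was legitimate.
    external = domain not in INTERNAL_DOMAINS
    return {"ok": True, "forward_to": dest, "external_destination": external}
```
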
More information about the websecurity mailing list