what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Alt-N MDaemon WorldClient Predictable Session ID

Alt-N MDaemon WorldClient Predictable Session ID
Posted Feb 21, 2013
Authored by Demetris Papapetrou, QSecure | Site qsecure.com.cy

The Alt-N MDaemon version 13.0.3 WorldClient application suffers from a predictable session identifier vulnerability.

tags | exploit
SHA-256 | 92424873721cd173dc332823577d395adb3e123a0b90d2cd1514c100d2e80883
Download | Favorite | View

Alt-N MDaemon WorldClient Predictable Session ID

Change Mirror Download
======================================================================
   Alt-N MDaemon's WorldClient Predictable Session ID Vulnerability
======================================================================

Software:  Alt-N MDaemon v13.0.3 and prior versions
Vendor: http://www.altn.com/
Vuln Type: Session ID Prediction
Remote: Yes
Local: No
Discovered by: QSecure and Demetris Papapetrou
References: http://www.qsecure.com.cy/advisories/Alt-N_MDaemon_WorldClient_Predictable_Session_ID.html
Discovered: 25/07/2012
Reported: 19/12/2012
Fixed: 15/01/2013 (http://files.altn.com/MDaemon/Release/RelNotes_en.html)
Disclosed: 18/02/2013

VULNERABILITY DESCRIPTION:
==========================
Alt-N WorldClient is the web interface of the MDaemon email server. It
has been identified that application session state is not maintained
by the user's session cookie but by the URL "Session" parameter
instead. This parameter is transmitted with every user request sent to
the WorldClient web application and under certain circumstances future
session IDs can be successfully predicted.

The use of predictable session IDs for authentication makes
WorldClient prone to session hijacking attacks. If the attacker can
generate a current valid session ID then he/she may be able to access
webmail accounts without possessing a valid username/password. The
impact of the attack is significantly reduced because WorldClient
associates the client's IP address with each session ID produced.
However, certain network setups or other scenarios may exist that
could render the IP restriction ineffective.

Alt-N MDaemon v13.0.3 & v12.5.6 were tested and found vulnerable;
other versions may also be affected.

Pre-Requisites:
---------------
1) The attacker needs to get a current or expired session ID.
       a) Google Search: "WorldClient.dll?Session="
       b) Steal an HTTP request and observe the Referer field
2) The MDaemon service or the machine has not been restarted since the
captured session ID was generated (There may be a way to deal with
this but further research is needed).
Login or Register to add favorites

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close