what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Alt-N MDaemon WorldClient Predictable Session ID

Alt-N MDaemon WorldClient Predictable Session ID
Posted Feb 21, 2013
Authored by Demetris Papapetrou, QSecure | Site qsecure.com.cy

The Alt-N MDaemon version 13.0.3 WorldClient application suffers from a predictable session identifier vulnerability.

tags | exploit
SHA-256 | 92424873721cd173dc332823577d395adb3e123a0b90d2cd1514c100d2e80883
Download | Favorite | View

Alt-N MDaemon WorldClient Predictable Session ID

Change Mirror Download
======================================================================
   Alt-N MDaemon's WorldClient Predictable Session ID Vulnerability
======================================================================

Software:  Alt-N MDaemon v13.0.3 and prior versions
Vendor: http://www.altn.com/
Vuln Type: Session ID Prediction
Remote: Yes
Local: No
Discovered by: QSecure and Demetris Papapetrou
References: http://www.qsecure.com.cy/advisories/Alt-N_MDaemon_WorldClient_Predictable_Session_ID.html
Discovered: 25/07/2012
Reported: 19/12/2012
Fixed: 15/01/2013 (http://files.altn.com/MDaemon/Release/RelNotes_en.html)
Disclosed: 18/02/2013

VULNERABILITY DESCRIPTION:
==========================
Alt-N WorldClient is the web interface of the MDaemon email server. It
has been identified that application session state is not maintained
by the user's session cookie but by the URL "Session" parameter
instead. This parameter is transmitted with every user request sent to
the WorldClient web application and under certain circumstances future
session IDs can be successfully predicted.

The use of predictable session IDs for authentication makes
WorldClient prone to session hijacking attacks. If the attacker can
generate a current valid session ID then he/she may be able to access
webmail accounts without possessing a valid username/password. The
impact of the attack is significantly reduced because WorldClient
associates the client's IP address with each session ID produced.
However, certain network setups or other scenarios may exist that
could render the IP restriction ineffective.

Alt-N MDaemon v13.0.3 & v12.5.6 were tested and found vulnerable;
other versions may also be affected.

Pre-Requisites:
---------------
1) The attacker needs to get a current or expired session ID.
       a) Google Search: "WorldClient.dll?Session="
       b) Steal an HTTP request and observe the Referer field
2) The MDaemon service or the machine has not been restarted since the
captured session ID was generated (There may be a way to deal with
this but further research is needed).
Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close