Alt-N MDaemon Session Hijacking Vulnerability
BID:58077
Info
Alt-N MDaemon Session Hijacking Vulnerability
| Bugtraq ID: | 58077 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 18 2013 12:00AM |
| Updated: | Feb 18 2013 12:00AM |
| Credit: | QSecure and Demetris Papapetrou |
| Vulnerable: |
Alt-N MDaemon 11.0.1 Alt-N MDaemon 11.0 Alt-N MDaemon 10.0.2 Alt-N MDaemon 10.0.1 Alt-N MDaemon 9.0.6 Alt-N MDaemon 9.0.5 Alt-N MDaemon 8.1.3 Alt-N MDaemon 8.1.1 Alt-N MDaemon 8.1 Alt-N MDaemon 8.0.5 Alt-N MDaemon 8.0.4 Alt-N MDaemon 8.0 Alt-N MDaemon 7.2 Alt-N MDaemon 6.8.5 Alt-N MDaemon 6.8.4 Alt-N MDaemon 6.8.3 Alt-N MDaemon 6.8.2 Alt-N MDaemon 6.8.1 Alt-N MDaemon 6.7.9 Alt-N MDaemon 6.7.5 Alt-N MDaemon 6.5.2 Alt-N MDaemon 6.5.1 Alt-N MDaemon 6.0.7 Alt-N MDaemon 6.0.6 Alt-N MDaemon 6.0.5 Alt-N MDaemon 5.0.7 Alt-N MDaemon 3.5.6 Alt-N MDaemon 3.5.4 Alt-N MDaemon 3.5.1 Alt-N MDaemon 3.1.2 Alt-N MDaemon 3.1.1 Alt-N MDaemon 3.0.4 Alt-N MDaemon 3.0.3 Alt-N MDaemon 2.8.5 0 Alt-N MDaemon 2.8 Alt-N MDaemon 9.65 Alt-N MDaemon 9.64 Alt-N MDaemon 9.53 Alt-N MDaemon 9.51 Alt-N MDaemon 9.0 |
| Not Vulnerable: | |
Discussion
Alt-N MDaemon Session Hijacking Vulnerability
Alt-N MDaemon is prone to a session-hijacking vulnerability.
An attacker can exploit this issue to gain unauthorized access to the affected application.
MDaemon 13.0.3 and prior versions are vulnerable.
Alt-N MDaemon is prone to a session-hijacking vulnerability.
An attacker can exploit this issue to gain unauthorized access to the affected application.
MDaemon 13.0.3 and prior versions are vulnerable.
Exploit / POC
Alt-N MDaemon Session Hijacking Vulnerability
Attackers can exploit this issue with a web browser.
Attackers can exploit this issue with a web browser.
Solution / Fix
Alt-N MDaemon Session Hijacking Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Alt-N MDaemon Session Hijacking Vulnerability
References:
References:
- Alt-N Homepage (Alt-N)
- MDaemon 13.0.4 Release Notes (Alt-N)
- MDaemon Product Homepage (Alt-N)
- Alt-N MDaemon's WorldClient Predictable Session ID Vulnerability (QSecure)