Bugtraq mailing list archives

Re: Another web-based mail reader hole

From: peter () ATTIC VUURWERK NL (Peter van Dijk)
Date: Tue, 19 Jan 1999 18:45:50 +0100


On Mon, Jan 18, 1999 at 03:24:09PM -0800, Dave Pifke wrote:

-----BEGIN PGP SIGNED MESSAGE-----

This bug has been fixed in most webmail clients for quite some time now,
but I guess some people just don't see security as a design priority.

The free, web-based mail client at www.angelfire.com passes authentication
data in the URL.  So your authentication token hapilly gets logged if
you use a proxy server or follow a link in a mail message (via the HTTP
referrer header).


Actually, squid logs those requests upto the ? by default, removing the parameter
part.

Greetz, Peter.
--
<squeezer> AND I AM GONNA KILL MIKE                |          Peter van Dijk
<squeezer> hardbeat, als je nog nuchter bent:      | peter () attic vuurwerk nl
<squeezer>   @date = localtime(time);              |  realtime security d00d
<squeezer>   $date[5] += 2000 if ($date[5] < 37);  |
<squeezer>   $date[5] += 1900 if ($date[5] < 99);  |        * blah *

Current thread:

Re: Sendmail 8.8.x/8.9.x bugware, (continued)
- - - Re: Sendmail 8.8.x/8.9.x bugware Frank Louwers (Jan 18)
    - Win95/98 SMB Authentication Vulnerability (fwd) tschweik () FIDUCIA DE (Jan 18)
  - [SECURITY] ftpwatch package has major security problems Jamie Fifield (Jan 17)
  - Michal's report and sendmail-8.9.2 GvS (Jan 18)
- Re: Sendmail 8.8.x/8.9.x bugware Jens Hoffmann (Jan 16)
  - Re: Sendmail 8.8.x/8.9.x bugware Alan Brown (Jan 17)
- Re: Sendmail 8.8.x/8.9.x bugware John Mizzi (Jan 17)
  - Personal web server kiborg (Jan 17)
    - Re: Personal web server Dave Pifke (Jan 18)
    - Another web-based mail reader hole Dave Pifke (Jan 18)
    - Re: Another web-based mail reader hole Peter van Dijk (Jan 19)
  - Re: Sendmail 8.8.x/8.9.x bugware Michal Zalewski (Jan 18)
- Re: Sendmail 8.8.x/8.9.x bugware Nic Bellamy (Jan 19)
- NetBSD Security Advisory 1999-001: select(2)/accept(2) race Luke Mewburn (Jan 20)
  - Re: NetBSD Security Advisory 1999-001: select(2)/accept(2) race Alan Cox (Jan 23)
    - Mirc 5.5 'DCC Server' hole Spikeman (Jan 24)
    - Re: Mirc 5.5 'DCC Server' hole Sandro Jurado (Jan 26)
    - Re: NetBSD Security Advisory 1999-001: select(2)/accept(2) race Casper Dik (Jan 25)
    - Announcement: Wietse's FTP site has moved Wietse Venema (Jan 25)
- Keeping Solaris up-to-date: summary John RIddoch (Jan 20)
- FW: Personal web server - Temporary Fix Ollie Whitehouse (Jan 20)

(Thread continues...)