Bugtraq mailing list archives
Re: squirrelmail CSRF vulnerability
From: Josh Zlatin-Amishav <josh () ramat cc>
Date: Thu, 10 May 2007 15:37:11 -0400 (EDT)
On Thu, 10 May 2007 p3rlhax () gmail com wrote:
IV. DETECTION
Latest version of squirrel mail 1.4.8-4.fc6 and prior are found vulnerable.
V. WORKAROUND
I. Application should check for Referer Header in every post login request.
Referer headers can be forged via Flash, so it is not a good idea to rely on these for security.
II. Application should use CSRF token which is random enough to identify every legitimate post login request.
According to: http://squirrelmail.org/security/issue/2006-12-02 version 1.4.8-4 is vulnerable to an XSS vulnerability, so an attacker could use the XSS vector to grab the session token ("CSRF token") and continue the CSRF attack.
--
- Josh
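The two workarounds discussed in this thread, as an added example that is not from the original posts or from SquirrelMail: a per-session CSRF token (random nonce bound to the session id with an HMAC, compared in constant time) combined with an Origin/Referer check that is only a second layer, since the thread notes Referer alone can be forged. The secret, origin, session ids and header dicts are constructed for the demo.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlparse

# Constructed demo values; a real deployment loads the secret from
# configuration and sets the origin to its own site.
SERVER_SECRET = b"constructed-demo-secret-do-not-use"
SITE_ORIGIN = "https://mail.example.org"


def issue_csrf_token(session_id: str) -> str:
    """Return "<nonce>.<mac>" where mac = HMAC(secret, session_id:nonce).
    Binding the MAC to the session means a token lifted from one session
    is useless in another; the nonce makes each token unpredictable."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(),
                   hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def token_is_valid(session_id: str, token: str) -> bool:
    """Recompute the MAC for this session and compare in constant time."""
    try:
        nonce, mac = token.split(".", 1)
    except ValueError:          # malformed or empty token
        return False
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac.encode(), expected.encode())


def origin_matches(headers: dict) -> bool:
    """Defense in depth only: Origin (preferred) or Referer must name our
    site, and a missing header is rejected. Not sufficient on its own."""
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False
    p = urlparse(src)
    return f"{p.scheme}://{p.netloc}" == SITE_ORIGIN


def accept_post_login_request(session_id: str, form: dict, headers: dict) -> bool:
    """A state-changing request must pass both checks. Note this still
    assumes no XSS: a script running in the page can read the token."""
    return origin_matches(headers) and token_is_valid(session_id, form.get("csrf_token", ""))
```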