J-Security Center

Title: Ipswitch IMail Server Predictable Session ID Vulnerability

Severity: HIGH

Description:

Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols, such as SMTP, POP3, IMAP4, and LDAP.

The use of predictable session IDs for cookie-based authentication makes Ipswitch IMail Server prone to session hijacking attacks. If an attacker can anticipate a session ID that is currently in use (has not expired), they will be able to access webmail accounts without possessing a valid username/password.

Session IDs are generated using alphanumeric characters. A number of the characters are static.

For example:

45: Session ID: /Xa20acc929dcecfce93a0afa688
46: Session ID: /Xa20bcc929dcecccb9ba0afa688
47: Session ID: /Xa208cc929dcf9a9c93a0afa688
48: Session ID: /Xa209cc929dcf9b9998a0afa688
49: Session ID: /Xa20ecc929dcf9bcccba0afa688
50: Session ID: /Xa20fcc929dcf98c998a0afa688
51: Session ID: /Xa20ccc929dcf9992c8a0afa688
52: Session ID: /Xa20dcc929dcf9ecbcea0afa688
53: Session ID: /Xa202cc929dcf9f9dcca0afa688
54: Session ID: /Xa203cc929dcf9c9e92a0afa688
55: Session ID: /Xa200cc929dcf9d9b9aa0afa688
56: Session ID: /Xa201cc929dcf9dce92a0afa688
57: Session ID: /Xa206cc929dcf92cb9aa0afa688
58: Session ID: /Xa207cc929dcf939c93a0afa688
59: Session ID: /Xa204cc929dcfcb999ba0afa688
60: Session ID: /Xa205cc929dcfcbcc93a0afa688
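
The static characters can be measured directly from the samples above. The following is an added example, not part of the original advisory or of Ipswitch's code: it reports which character positions never change across the 16 listed IDs, then runs the same check on IDs drawn from the OS CSPRNG. The function names and the 128-bit ID size are assumptions.

```python
import secrets

# Session IDs exactly as listed in the advisory (samples 45-60).
ADVISORY_IDS = [
    "/Xa20acc929dcecfce93a0afa688", "/Xa20bcc929dcecccb9ba0afa688",
    "/Xa208cc929dcf9a9c93a0afa688", "/Xa209cc929dcf9b9998a0afa688",
    "/Xa20ecc929dcf9bcccba0afa688", "/Xa20fcc929dcf98c998a0afa688",
    "/Xa20ccc929dcf9992c8a0afa688", "/Xa20dcc929dcf9ecbcea0afa688",
    "/Xa202cc929dcf9f9dcca0afa688", "/Xa203cc929dcf9c9e92a0afa688",
    "/Xa200cc929dcf9d9b9aa0afa688", "/Xa201cc929dcf9dce92a0afa688",
    "/Xa206cc929dcf92cb9aa0afa688", "/Xa207cc929dcf939c93a0afa688",
    "/Xa204cc929dcfcb999ba0afa688", "/Xa205cc929dcfcbcc93a0afa688",
]


def position_report(tokens):
    """Return (static, varying) lists of character positions for equal-length tokens."""
    if len({len(t) for t in tokens}) != 1:
        raise ValueError("tokens must be non-empty and all the same length")
    static, varying = [], []
    # zip(*tokens) yields one tuple per character position across all samples.
    for index, column in enumerate(zip(*tokens)):
        (static if len(set(column)) == 1 else varying).append(index)
    return static, varying


def passes_static_check(tokens):
    """Fail the generator if any position never changes across the samples."""
    static, _ = position_report(tokens)
    return not static


def csprng_ids(count=16, nbytes=16):
    """Corrected form (assumption): 128-bit IDs taken from the OS CSPRNG."""
    return [secrets.token_hex(nbytes) for _ in range(count)]


if __name__ == "__main__":
    static, varying = position_report(ADVISORY_IDS)
    total = len(ADVISORY_IDS[0])
    print(f"advisory samples: {len(static)}/{total} positions static, "
          f"varying at {varying}")
    print("advisory samples pass:", passes_static_check(ADVISORY_IDS))
    print("CSPRNG samples pass:  ", passes_static_check(csprng_ids()))
```

A generator that passes this check is not thereby unpredictable; static positions are only the most visible symptom, and a failing result is sufficient reason to replace the generator.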

Affected Products:

  • Ipswitch IMail 7.0.4
