Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow remote attackers with access to the ID to gain privileges as that user, e.g. by extracting the ID from the user's answer or forward URLs.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
http://marc.info/?l=bugtraq&m=101328887821909&w=2 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2002-05-03T04:00:00
Updated: 2024-08-08T02:42:28.615Z
Reserved: 2002-05-01T00:00:00
Link: CVE-2002-0258
Vulnrichment
No data.
NVD
Status : Modified
Published: 2002-05-29T04:00:00.000
Modified: 2024-11-20T23:38:40.357
Link: CVE-2002-0258
Redhat
No data.