
CommuniGate Pro < 4.0 .1b2 Referer Field Hijacking

Medium

Synopsis

The remote CommuniGate Pro server, according to its version number, is vulnerable to a flaw that may allow an attacker to access the mailboxes of its victims.

Description

The remote CommuniGate Pro server, according to its version number, is vulnerable to a flaw that may allow an attacker to access the mailboxes of its victims. To exploit the flaw, the attacker needs to send the victim an email with a link to an image hosted on a rogue server. That server stores the Referer field sent by the victim's user-agent, which contains the credentials used to access the victim's mailbox.

Solution

Upgrade to CommuniGate Pro 4.0 .1b2 or higher.