
CommuniGatePro < 4.1b2 Session Token Disclosure

Medium

Synopsis

The remote host may allow an attacker to gain unauthorized access to a user's email.

Description

According to its version number, the remote CommuniGatePro installation is vulnerable to a flaw that may allow an attacker to access the mailboxes of its victims. To exploit the flaw, the attacker needs to send the victim an email containing a link to an image hosted on a rogue server. When the image is fetched, that server stores the Referer field sent by the user-agent, which contains the credentials used to access the victim's mailbox.
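
The leak described above depends on the user-agent fetching an image from another host while the mailbox page is open. As an added example (not part of the original advisory and not CommuniGatePro code), here is one way a webmail front end can prevent that request: rewrite the message body so that only `cid:` and `data:` image references survive. The class and function names and the sample message are constructed for illustration; CSS `url()` references are outside this sketch.

```python
from html import escape
from html.parser import HTMLParser

LOCAL_SCHEMES = ("cid:", "data:")  # resolve inside the message, no request


class RemoteImageBlocker(HTMLParser):
    """Re-emit an HTML mail body with image fetches to other hosts disabled."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []      # sanitized HTML fragments
        self.blocked = []  # attribute values that would have caused a request

    def _emit(self, tag, attrs, end):
        parts = [tag]
        for name, value in attrs:
            is_image_ref = (tag == "img" and name in ("src", "srcset")) or name == "background"
            # Allowlist: only cid:/data: stay; srcset (multi-candidate) is always disabled.
            local = name != "srcset" and (value or "").strip().lower().startswith(LOCAL_SCHEMES)
            if is_image_ref and not local:
                self.blocked.append(value or "")
                name = "data-blocked-" + name
            parts.append(name if value is None else f'{name}="{escape(value)}"')
        self.out.append("<" + " ".join(parts) + end)

    def handle_starttag(self, tag, attrs):
        self._emit(tag, attrs, ">")

    def handle_startendtag(self, tag, attrs):
        self._emit(tag, attrs, " />")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def block_remote_images(html_body):
    """Return (sanitized_html, blocked_values) for one HTML mail body."""
    parser = RemoteImageBlocker()
    parser.feed(html_body)
    parser.close()
    return "".join(parser.out), parser.blocked

# Constructed sample: one image on another host, one inline (cid:) attachment.
SAMPLE = ('<p>Hi &amp; bye</p><img src="http://images.example.net/logo.gif" alt="x">'
          '<img src="cid:part1@example.org">')

if __name__ == "__main__":
    print(block_remote_images(SAMPLE))
```

Because the renamed attribute is never dereferenced, no request leaves the browser and no Referer value reaches the other host.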

Solution

Upgrade to CommuniGatePro 4.1b2 or higher.