
CommuniGate Pro < 4.0 .1b2 Referer Field Hijacking

Medium

Synopsis

The remote CommuniGate Pro server, according to its version number, is vulnerable to a flaw that may allow an attacker to access the mailbox of its victims.

Description

The remote CommuniGate Pro server, according to its version number, is vulnerable to a flaw that may allow an attacker to access the mailbox of its victims. To exploit the flaw, the attacker needs to send the victim an email containing a link to an image hosted on a rogue server. That server stores the Referer field sent by the victim's user-agent, which contains the credentials used to access the victim's mailbox.

Solution

Upgrade to CommuniGate Pro 4.0 .1b2 or higher.