Session ID Vulnerability in IceWarp Web Mail by Merak Mail
CVE-2002-0258

Currently unrated

Key Information:

Vendor: Icewarp
Status: Web Mail; Mail Server
Vendor: CVE Published:; 29 May 2002

What is CVE-2002-0258?

Merak Mail's IceWarp Web Mail is compromised by a vulnerability stemming from the use of a static user session identifier. This static ID does not refresh between sessions, allowing remote attackers who gain access to the session ID to impersonate the user and potentially escalate their privileges. Attackers could extract the ID by exploiting user responses or through forwarded URLs, making it critical for users to be aware of secure practices when interacting with the application.

References

http://marc.info/?l=bugtraq&m=101328887821909&w=2

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2002
Vulnerability Reserved
May 1, 2002

JSON

Icewarp

What is CVE-2002-0258?

References

Timeline