NTMail Server 5.x Proxy Access Vulnerability

NTMail server can be configured as a proxy server as well as a web configuration server. By default each function is assigned a port. The configuration function uses port 8000 and the proxy function uses port 8080. If a separate proxy server is being utilized with security restrictions in place, it is possible to disable the proxy function of the NTMail server, thus forcing users to go through the restricted proxy server. However a user could reconfigure their proxy setup to point to NTMail on port 8000, redirecting them to the internet with no restrictions.


 

Privacy Statement
Copyright 2010, SecurityFocus