Alt-N MDaemon 'Lock Server' Bypass Vulnerability

MDaemon is an email server from Alt-N Technologies that supports most common internet mail protocols. As a security feature, MDaemon allows administrators to "lock" the administrative console on the system's desktop. If it is locked, a password is required for anyone wishing to use the administrative console.

The implementation of this security feature is unfortunately flawed. By simply clicking cancel and hitting the 'enter' key when the password prompt is displayed, the user will gain entry to the MDaemon interface with administrative privileges.

From this point, an attacker could modify the configuration of MDaemon, possibly causing a denial of the service it provides or assisting some other compromise.


 

Copyright 2010, SecurityFocus