Alt-N MDaemon Session ID Hijacking Vulnerability

WorldClient is an email client which accompanies Alt-N's MDaemon email server. WorldClient is capable of reading HTML formatted email messages. However, this lends itself to the possibility of session ID hijacking because whenever an email recipient clicks on a link, the session ID is relayed back to the address in the referrer field of the HTTP request. The session ID could then be used to read the email of the remote user.


Privacy Statement
Copyright 2010, SecurityFocus