Re: squirrelmail CSRF vulnerability

On Thu, 10 May 2007 p3rlhax@xxxxxxxxx wrote:

> IV. DETECTION
>
> The latest version of SquirrelMail, 1.4.8-4.fc6, and prior are found vulnerable.
>
> V. WORKAROUND
>
> I.  Application should check for Referer header in every post-login request.

Referer headers can be forged via Flash, so it is not a good idea to
rely on these for security.


> II. Application should use a CSRF token which is random enough to identify every legitimate post-login request.

According to http://squirrelmail.org/security/issue/2006-12-02, version
1.4.8-4 is vulnerable to an XSS vulnerability, so an attacker could use the
XSS vector to grab the session token ("CSRF token") and continue the CSRF attack.

--
 - Josh
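The two workarounds quoted above, modelled side by side as an added example (this is not SquirrelMail code and not code posted by anyone in the thread). It builds a constructed session store, issues a per-session token, implements both a Referer check and a token check, and then replays four constructed requests: a legitimate form post, a plain cross-site post, a cross-site post with a spoofed Referer, and a post carrying a token that an XSS payload has already read out, the case the reply warns about. The host name mail.example.org, the attacker host and the form fields are assumptions for the illustration.

```python
"""Added example, not code from SquirrelMail or from the thread: workaround I
(Referer check) and workaround II (per-session CSRF token) run against
constructed requests so the difference in strength is visible."""
import hmac
import secrets
from urllib.parse import urlsplit

OUR_HOST = "mail.example.org"   # assumed webmail host (illustrative only)

# Constructed stand-in for the application's session store: sid -> data.
SESSIONS = {}


def login(user):
    """Create a session and mint a random CSRF token bound to it."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def csrf_token(sid):
    """The value the application would embed as a hidden field in every
    post-login form (and what an XSS payload on the same origin can read)."""
    return SESSIONS[sid]["csrf"]


def referer_check(headers, expected_host=OUR_HOST):
    """Workaround I: accept the POST only if the Referer names our own host.
    Relies entirely on a client-supplied header."""
    ref = headers.get("Referer")
    if not ref:
        return False   # proxies and privacy settings strip it: breaks real users
    return urlsplit(ref).hostname == expected_host


def token_check(sid, form):
    """Workaround II: the form must carry the secret token bound to this
    session. compare_digest keeps the comparison constant-time."""
    sess = SESSIONS.get(sid)
    if sess is None or not isinstance(form.get("csrf"), str):
        return False
    return hmac.compare_digest(sess["csrf"], form["csrf"])


def outcome(sid, headers, form):
    """Run both checks on one request and report each verdict separately."""
    return {"referer": referer_check(headers), "token": token_check(sid, form)}


# Constructed requests against a session created with login().

def legitimate_post(sid):
    """Browser submitted our own compose form: genuine Referer and token."""
    return outcome(sid, {"Referer": "https://%s/src/compose.php" % OUR_HOST},
                   {"to": "victim@example.net", "csrf": csrf_token(sid)})


def cross_site_post(sid):
    """Auto-submitted form on an attacker page: the browser sets a truthful
    Referer and the attacker cannot know the token, so both checks reject."""
    return outcome(sid, {"Referer": "https://attacker.example/trap.html"},
                   {"to": "victim@example.net"})


def forged_referer_post(sid):
    """Same attack with a spoofed Referer (the reply names Flash as a vector
    at the time). The Referer check passes; only the token check holds."""
    return outcome(sid, {"Referer": "https://%s/src/compose.php" % OUR_HOST},
                   {"to": "victim@example.net"})


def stolen_token_post(sid):
    """Attacker first used the XSS the reply cites to read the token from a
    page on our origin; now neither workaround stops the request, which is
    why the XSS has to be fixed alongside the CSRF."""
    return outcome(sid, {"Referer": "https://%s/src/compose.php" % OUR_HOST},
                   {"to": "victim@example.net", "csrf": csrf_token(sid)})
```

The token check fails closed on an unknown session or a missing or non-string field, and the Referer check fails closed on an absent header, which is exactly the trade-off that makes it unattractive: rejecting absent Referers breaks users behind stripping proxies, while accepting them lets cross-site requests through.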
