[FD] Network Solutions Webmail - A tale about chained web vulnerabilities

=============================================================================== title: Network Solutions Webmail - A tale about chained web vulnerabilities case id: CM-2015-01 product: Network Solutions Webmail vulnerability type: Multiple severity: Low to High found: 2015-01-16 by: Cristiano Maruti (@cmaruti) =============================================================================== [EXECUTIVE SUMMARY] While reviewing the Network Solutions webmail, I identified various security issues ranging from low to high severity. Some of them, chained together, could allow an attacker to arbitrary change the password of any e-mail accounts hosted on the service provider. All things considered – the volume of customers managed by the company and the kind of data affected by vulnerabilities – customer's data is put at risk and these issues must be addressed immediately. Below a summary of the key findings: - Weak password change mechanism - Password complexity requirement not enforced - Ability to reset a mailbox password to an arbitrary value - Ability to enumerate and identify valid mailbox ID and corresponding e-mail address - Improper input validation (reflected XSS) - End-user forced to execute unwanted action (CSRF) [TECHNICAL DETAILS] The full report with technical details about the vulnerabilities I have identified is available at: http://ift.tt/1y8KkyG [DISCLOSURE TIMELINE] 2015-01-21 Report submitted to vendor via e-mail (point of contact is the manager of abuse and fraud. 2015-01-22 Vendor requested more info about the vulnerabilities. 2015-01-23 Vendor triaged the vulnerabilities and the new point of contact is the VP of Security Engineering & CSO 2015-02-26 Vendor fixed the vulnerabilities reported. 2015-04-09 Public disclosure [SOLUTION] Vendor addressed the vulnerabilities reported. [REPORT URL] http://ift.tt/1y8KkyG



Source: Gmail -> IFTTT-> Blogger