VID | 21963
Severity | 30
Port | 1000
Protocol | TCP
Class | CGI
Detailed Description |
According to its version number, this Alt-N WebAdmin installation is affected by the MDaemon Account Hijacking vulnerability. Alt-N WebAdmin is a web-based remote administration tool for the Alt-N MDaemon mail server for Microsoft Windows operating systems. WebAdmin versions prior to 3.2.6 could allow a domain administrator within the default domain to hijack the 'MDaemon' account used by MDaemon when processing remote server and mailing list commands. The vulnerability is caused by the useredit_account.wdm module not properly protecting access to the details of the 'MDaemon' account. A domain administrator within the default domain of an MDaemon server could exploit this vulnerability to disclose the details of the account via a specially crafted URL.
* Note: This check relies solely on the version number of WebAdmin on the remote Web server to assess this vulnerability, so the finding might be a false positive.
* References:
  http://files.altn.com/WebAdmin/Release/RelNotes_en.txt
  http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049247.html
  http://www.securityfocus.com/archive/1/445153
  http://secunia.com/advisories/21727/
* Platforms Affected: Alt-N Technologies, Inc., WebAdmin versions prior to 3.2.6; Microsoft Windows, any version |
Recommendation |
Upgrade to the latest version of WebAdmin (3.2.6 or later), available from the WebAdmin Web site at http://www.altn.com/products/default.asp?product%5Fid=WebAdmin |
Related URL | CVE-2006-4620 (CVE)
Related URL | 19841 (SecurityFocus)
Related URL | 28776 (ISS)