WorldClient email client in MDaemon 2.8 includes the session ID in the referer field of an HTTP request when the user clicks on a URL, which allows the visited web site to hijack the session ID and read the user's email.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
alt-n mdaemon 2.8 |