![mdaemon worldclient mdaemon worldclient](https://static.mdaemon.com/Images/Screenshots/MDaemon-Webmail/MDaemon-Webmail_Calendar-Publish.jpg)
OldFolderParent=&OldFolder=&FolderParent=&Folder=&NewFolder=AAAAAAAAAAAAĪAA&NewFolderParent=&Create=Create&Folder%3AInbo User-Agent: Mozilla/4.0 (compatible MSIE 6.0 Windows NT 5.0 Q312461)Ĭookie: User=MDaemon Lang=en Theme=Standard Session=xxxxx POST /WorldClient.cgi?Session=xxxx&View=Options-Folders&Reload=YesĬontent-Type: application/x-www-form-urlencoded
Mdaemon worldclient code#
User-supplied code can reportedly be executed with SYSTEM level privileges. The vulnerability can apparently be triggered if the folder name is approximately 1000 characters long. The WorldClient web-mail feature reportedly contains a buffer overflow that can be triggered when an authenticated remote user attempts to create a folder with a long name. As a result, a local user can obtain and decode user passwords. Each character is encoded using a static offset and the final result is base64 encoded. By default, the passwords are apparently stored in a file called 'userlist.dat' in the MDaemon/App directory (usually C:\MDaemon\App\userlist.dat).
Mdaemon worldclient password#
It is also reported that the product uses a weak encoding method to protect password files. Remote users may access the system using this account if the administrator does not change this password. It is reported that MDaemon creates a default user account called 'MDaemon' with the default password of 'MServer'. A remote user can execute arbitrary code on the server with SYSTEM privileges and can perform other actions on the server.ĮyeonSecurity reported several flaws in MDaemon. Several vulnerabilities were reported in 's MDaemon mail server and associated components, including the WorldClient web-mail feature. Version(s): 5.0.5.0 and possibly prior versions Impact: Disclosure of authentication information, Modification of system information, Root access via network MDaemon Mail Server WorldClient Buffer Overflow Lets Authenticated Remote Users Execute Arbitrary Code on the Server with SYSTEM PrivilegesĬVE Reference: GENERIC-MAP-NOMATCH (Links to External Site) Home | View Topics | Search | Contact Us | MDaemon Mail Server WorldClient Buffer Overflow Lets Authenticated Remote Users Execute Arbitrary Code on the Server with SYSTEM Privileges - SecurityTracker