FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

extman -- password bypass vulnerability

Affected packages
0.2.4	<=	extman	<	0.2.4_1

Details

VuXML ID	44c8694a-12f9-11dd-9b26-001c2514716c
Discovery	2008-04-01
Entry	2008-04-25

Extmail team reports:

Emergency update #4 fixes a serious security vulnerability.

[source]

Successful exploit of this vulnerability would allow attacker to change user's password without knowing it by using specifically crafted HTTP request.

References

URL	http://www.extmail.org/forum/thread-7260-1-1.html