Sendio, a network appliance which provides anti-spam and anti-virus solutions for enterprises, has just patched two remote security bypass vulnerabilities.
Martin Gallo, a researcher from Core Security's Consulting Services Team, discovered the two issues in some versions of the software. Core says the vulnerabilities could lead to leakage of sensitive information, including users' session identifiers and emails.
According to the advisory, an authentication cookie is included in URLs when obtaining emails, which "causes the application to disclose the session identifier value, allowing attackers to perform session hijacking. An attacker might perform this kind of attack by sending an email message containing links or embedded image HTML tags pointing to a controlled web site, and then accessing the victim's session cookies through the 'Referrer' HTTP header. Accessing this authentication cookie might allow an attacker to hijack a victim's session and obtain access to email messages or perform actions on behalf of the victim."
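To make the leak concrete from the defender's side, here is an added example (not Sendio's code and not part of the advisory) that models what a browser sends in the Referer header when a webmail page whose URL carries a session identifier loads a third-party resource, under each Referrer-Policy value, and that flags such identifiers in access-log lines. The host names, the parameter names such as `sid`, and the log lines are all constructed for illustration.

```python
"""Added example (not Sendio's code or the advisory's): model how a session
identifier carried in a URL leaks through the Referer header, and flag such
URLs in web-server access logs. All parameter names, hosts and log lines are
constructed for illustration."""
import re
from urllib.parse import parse_qs, urlsplit, urlunsplit

# Query-parameter names that commonly carry a session identifier (constructed list).
SESSION_PARAM_NAMES = {"sid", "sessionid", "jsessionid", "phpsessid", "token"}


def session_params(url):
    """Return {name: value} for query parameters that look like session identifiers."""
    query = parse_qs(urlsplit(url).query)
    return {k: v[0] for k, v in query.items() if k.lower() in SESSION_PARAM_NAMES}


def referer_sent(page_url, target_url, policy="strict-origin-when-cross-origin"):
    """Approximate the Referer a browser sends when the page at page_url loads or
    links to target_url under the given Referrer-Policy. Returns None when no
    Referer is sent. The default argument is the policy current browsers apply
    when a page sets none."""
    p, t = urlsplit(page_url), urlsplit(target_url)
    same_origin = (p.scheme, p.netloc) == (t.scheme, t.netloc)
    downgrade = p.scheme == "https" and t.scheme == "http"
    origin = urlunsplit((p.scheme, p.netloc, "/", "", ""))
    full = urlunsplit((p.scheme, p.netloc, p.path, p.query, ""))  # fragment is never sent
    if policy == "no-referrer":
        return None
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else full
    if policy == "origin":
        return origin
    if policy == "same-origin":
        return full if same_origin else None
    if policy == "strict-origin":
        return None if downgrade else origin
    if policy == "strict-origin-when-cross-origin":
        if same_origin:
            return full
        return None if downgrade else origin
    if policy == "unsafe-url":
        return full
    raise ValueError(f"unknown Referrer-Policy: {policy}")


def leaked_session(page_url, target_url, policy):
    """Session identifiers that would reach target_url's server via Referer."""
    ref = referer_sent(page_url, target_url, policy)
    return session_params(ref) if ref else {}


# Combined-log-format request line followed by the Referer field.
_LOG_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+" \d{3} \d+ "([^"]*)"')


def flag_log_lines(lines):
    """Return (line_no, field, [param names]) for each access-log line whose
    request URL or Referer carries a session-identifier parameter."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = _LOG_RE.search(line)
        if not m:
            continue
        request, referer = m.group(1), m.group(2)
        if names := session_params(request):
            findings.append((n, "request", sorted(names)))
        if referer != "-" and (names := session_params(referer)):
            findings.append((n, "referer", sorted(names)))
    return findings


# Constructed access-log sample: a webmail page whose URL carries 'sid', an
# image fetched from that page (Referer repeats the URL), then a clean request.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Jan/2015:10:00:00 +0000] "GET /inbox/view?msg=42&sid=abc123 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [12/Jan/2015:10:00:01 +0000] "GET /static/logo.png HTTP/1.1" 200 2048 "https://mail.example.test/inbox/view?msg=42&sid=abc123" "Mozilla/5.0"',
    '10.0.0.6 - - [12/Jan/2015:10:00:02 +0000] "GET /inbox HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    page = "https://mail.example.test/inbox/view?msg=42&sid=abc123"
    third_party = "https://thirdparty.example.test/image.png"
    for policy in ("unsafe-url", "no-referrer-when-downgrade",
                   "strict-origin-when-cross-origin", "no-referrer"):
        print(f"{policy:32} leaks {leaked_session(page, third_party, policy)}")
    for finding in flag_log_lines(SAMPLE_LOG):
        print("flagged:", finding)
```

The model shows that only the weaker policies (`unsafe-url`, or `no-referrer-when-downgrade` to an HTTPS third party) pass the full URL, and therefore the identifier, to the third-party server; an origin-only or `no-referrer` policy truncates it. The durable fix is the one the advisory implies, keeping the session identifier out of the URL entirely (in a cookie marked HttpOnly and Secure), with a restrictive Referrer-Policy as defence in depth; the log check above is a quick way to confirm no identifiers are still travelling in request lines or Referer fields.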
The other flaw is "caused by an improper handling of users' sessions by the Web interface." This could expose one user's sensitive data to another user.
The affected software includes Sendio 6 (14.1120.0); a fix has been released. Be sure to update ASAP!