FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

extman -- password bypass vulnerability

Affected packages
0.2.4 <= extman < 0.2.4_1

Details

VuXML ID 44c8694a-12f9-11dd-9b26-001c2514716c
Discovery 2008-04-01
Entry 2008-04-25

Extmail team reports:

Emergency update #4 fixes a serious security vulnerability.

Successful exploit of this vulnerability would allow attacker to change user's password without knowing it by using specifically crafted HTTP request.

References

URL http://www.extmail.org/forum/thread-7260-1-1.html