While investigating an unrelated security event, I stumbled upon an issue with Direcway webmail. Seems that the geniuses over there decided to auth the URL only so if you copy the URL of someone who logged in to their webmail account, you can take that link and then have full access to the user's webmail account.

This has been reported to Hughes already (before I popped this warning up), but nonetheless, the reception from the tech support group left me less than impressed, so anyone here who has Hughes as an ISP, I'd be pretty pissed. Oh yeah, this is all done in the clear too.

I'm not sure if the link has a TTL because I frankly don't care enough to sit here and wait to see if it expires.

Proof of Concept: (don't click the link and expect to end up in someone's webmail account)
============================
http://change.mydirecway.com/en/mail...=en&cert=false

Copy this from any browser history and then go home to your den of evil and throw it in a browser. PRESTO, instant full & unencrypted access to a Direcway webmail account.

Now, back to the real issue I was researching....



--TH13
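The failure described in the post (the credential is carried in the URL, so whoever copies the URL owns the session, and nothing expires it or ties it to the client) is easiest to see next to the usual alternative. The block below is an added example, not code from the original post and not Hughes/Direcway code; every hostname, parameter name, token and "browser history" line in it is constructed for illustration. It contrasts a URL-token login with a server-side session keyed by an opaque cookie that has a TTL and a crude client binding, and adds a small audit helper that flags history/log URLs carrying credential-like query parameters.

```python
"""Added example (not from the original post): URL-carried auth token versus a
cookie-bound server-side session with a TTL. All names, URLs and tokens are
constructed for illustration; nothing here is Hughes/Direcway code or data."""
import secrets
import time
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlparse

# --- Vulnerable pattern: the query-string token *is* the authentication -----------
# Anyone holding the URL (browser history, proxy logs, Referer leakage) holds the account.
ISSUED_URL_TOKENS: Dict[str, str] = {}  # token -> username (constructed in-memory store)


def vulnerable_login(username: str) -> str:
    """Mint a token and hand it back embedded in the URL (the pattern the post describes)."""
    token = secrets.token_hex(8)
    ISSUED_URL_TOKENS[token] = username
    return f"http://webmail.example.invalid/mail?token={token}&lang=en"


def vulnerable_authenticate(url: str) -> Optional[str]:
    """Accept any URL carrying a known token: no cookie, no expiry, no client binding."""
    token = parse_qs(urlparse(url).query).get("token", [None])[0]
    return ISSUED_URL_TOKENS.get(token)


# --- Hardened pattern: opaque id in a Secure/HttpOnly cookie, state kept server-side ---
SESSION_TTL_SECONDS = 900
SESSIONS: Dict[str, dict] = {}  # session_id -> {"user", "expires", "ua"}


def hardened_login(username: str, user_agent: str, now: Optional[float] = None) -> dict:
    """Create a session and return the cookie header the server would emit (id never in a URL)."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": username, "expires": now + SESSION_TTL_SECONDS, "ua": user_agent}
    return {"sid": sid, "Set-Cookie": f"sid={sid}; Secure; HttpOnly; SameSite=Lax; Path=/"}


def hardened_authenticate(cookies: Dict[str, str], url: str, user_agent: str,
                          now: Optional[float] = None) -> Optional[str]:
    """Resolve a user only from a live, unexpired session presented via cookie."""
    now = time.time() if now is None else now
    # Refuse outright if someone tries to smuggle the session id through the query string.
    if "sid" in parse_qs(urlparse(url).query):
        return None
    sess = SESSIONS.get(cookies.get("sid", ""))
    if sess is None:
        return None
    if now >= sess["expires"]:
        SESSIONS.pop(cookies["sid"], None)  # expired: forget it server-side
        return None
    if sess["ua"] != user_agent:
        return None  # crude client binding; a real deployment would also log this
    return sess["user"]


# --- Audit helper: find credential-bearing URLs in history or access logs -----------
CREDENTIAL_PARAMS = ("token", "sid", "session", "sessionid", "auth", "key")


def flag_credential_urls(urls: List[str]) -> List[str]:
    """Return the URLs whose query string carries a credential-like parameter."""
    flagged = []
    for url in urls:
        params = {k.lower() for k in parse_qs(urlparse(url).query)}
        if params & set(CREDENTIAL_PARAMS):
            flagged.append(url)
    return flagged


# Constructed sample "browser history" lines used for the audit demonstration.
SAMPLE_HISTORY = [
    "http://webmail.example.invalid/mail?token=deadbeef01&lang=en",
    "https://webmail.example.invalid/help?lang=en",
    "http://webmail.example.invalid/inbox?sessionid=abc123",
]

if __name__ == "__main__":
    leaked = vulnerable_login("alice")
    print("copied URL still authenticates as:", vulnerable_authenticate(leaked))
    print("flagged history entries:", flag_credential_urls(SAMPLE_HISTORY))
```

In the hardened variant the identifier only ever travels in a cookie marked `Secure` and `HttpOnly`, so it is neither written to history nor sent over plain HTTP, and the server-side record is what expires; the audit helper is the kind of check you would run over proxy or access logs to find applications still using the URL-token pattern.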