CVE-2024-6739
Openfind MailGates and MailAudit - Sensitive Cookie Without 'HttpOnly' Flag
In short
The session cookie used in Openfind MailGates and MailAudit is missing the HttpOnly flag, which means attackers could steal it through cross-site scripting (XSS) attacks and impersonate users.
Technical detail
The HttpOnly flag is not set on the session cookie in Openfind MailGates and MailAudit, so the cookie remains readable from page JavaScript (for example via document.cookie). An attacker who can inject script into the application through a separate XSS flaw can therefore read the session token and hijack authenticated sessions; with HttpOnly set, the browser would withhold the cookie from script even when such an XSS exists, which is why the flag is a standard defence-in-depth control for session cookies.
Summary generated and translated by AI from the official description.
The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
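A small audit helper that checks Set-Cookie headers for session-like cookies missing HttpOnly and shows the hardened form of the header. This is an added example, not code from Openfind or from the advisory; the cookie names, values and name heuristics below are constructed and not taken from MailGates or MailAudit.

```python
from typing import Dict, List

# Constructed sample response headers (hypothetical cookie names, not vendor data).
SAMPLE_HEADERS = [
    "Set-Cookie: SESSIONID=abc123; Path=/",                                   # weak: no HttpOnly
    "Set-Cookie: lang=en; Path=/",                                            # non-session, fine
    "Set-Cookie: SESSIONID=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",   # hardened form
    "Content-Type: text/html",                                                # ignored
]

# Heuristic substrings that usually mark a session/auth cookie (assumption, tune per app).
SESSION_NAME_HINTS = ("sess", "sid", "token", "auth")


def parse_set_cookie(header: str) -> Dict[str, str]:
    """Parse one Set-Cookie header into {'name', 'value', <attribute-lowercased>: value}."""
    _, _, body = header.partition(":")
    parts = [p.strip() for p in body.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    cookie = {"name": name.strip(), "value": value.strip()}
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        cookie[key.strip().lower()] = val.strip()  # flags like HttpOnly get ''
    return cookie


def looks_like_session(name: str) -> bool:
    n = name.lower()
    return any(hint in n for hint in SESSION_NAME_HINTS)


def audit(headers: List[str]) -> List[str]:
    """Return one finding per session-like cookie that lacks the HttpOnly attribute."""
    findings = []
    for h in headers:
        if not h.lower().startswith("set-cookie:"):
            continue
        c = parse_set_cookie(h)
        if looks_like_session(c["name"]) and "httponly" not in c:
            findings.append(f"{c['name']}: missing HttpOnly")
    return findings


def harden(header: str) -> str:
    """Append HttpOnly, Secure and SameSite=Lax to a Set-Cookie header where absent."""
    c = parse_set_cookie(header)
    out = header.rstrip("; ")
    for attr in ("HttpOnly", "Secure", "SameSite=Lax"):
        if attr.split("=")[0].lower() not in c:
            out += "; " + attr
    return out
```

HttpOnly only stops script from reading the cookie; it does not remove the underlying XSS, so the finding should be fixed alongside any script-injection bugs.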