Cyclonic webmail has been reported prone to an authentication bypass vulnerability. The issue stems from a flaw in the procedure used to authenticate a remote user before the Cyclonic webmail scripts become available for perusal or use. It has been reported that the Cyclonic webmail authentication software relies on a remote POP3 server to authenticate valid users, and that this server may be specified by the attacker. As a result, an attacker may specify any remote POP3 server that is under the attacker's control and thereby gain access to the Cyclonic webmail scripts.
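The flawed pattern described above next to a hardened form that only delegates to operator-configured POP3 servers, as an added illustration in Python; this is not Cyclonic webmail's code. The form field names (`server`, `port`, `user`, `pass`), the function names and the allowlisted host are assumptions made for the example.

```python
import poplib

# Assumption: POP3 servers the operator has configured, host -> port.
ALLOWED_POP3_HOSTS = {"mail.example.org": 995}


def pop3_check(host, port, user, password, timeout=10):
    """Return True if the POP3 server at host:port accepts the credentials."""
    try:
        conn = poplib.POP3_SSL(host, port, timeout=timeout)
    except OSError:
        return False
    try:
        conn.user(user)
        conn.pass_(password)
        return True
    except poplib.error_proto:
        return False
    finally:
        try:
            conn.quit()
        except Exception:
            pass


def login_vulnerable(form, check=pop3_check):
    # Flawed pattern: the authenticating server comes from the request,
    # so "the server said yes" proves nothing about the user.
    port = int(form.get("port", 110))
    return check(form["server"], port, form["user"], form["pass"])


def login_hardened(form, check=pop3_check):
    # Normalise the requested host, then require an exact allowlist match.
    host = form.get("server", "").strip().lower().rstrip(".")
    port = ALLOWED_POP3_HOSTS.get(host)
    if port is None:
        return False  # unknown server: refuse before any network contact
    # The port is taken from configuration, never from the request.
    return check(host, port, form["user"], form["pass"])
```

The `check` parameter exists so the decision logic can be exercised without a network connection; in deployment the default `pop3_check` is used.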