[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : MDaemon 3.5.1 Vulnerability

Title: MDaemon 3.5.1 Vulnerability
Released by: Mohamed Riyad
Date: 15th December 2000
Printable version: Click here
Ok, This is my second post in the years and I have been reading all your

postings so far. You all are doing a great job indeed.

I would like to point out a security problem in MDaemon mail server (even in

ver 3.5.1 the latest).

My setup:

          Windows NT 4.0 server (SP 6.0a)

          MDaemon Pro ver 3.5.1 (The latest update I downloaded last night)

Note: On Windows NT machines, you must be able to login to use this exploit.

On Windows 98, anybody has access to the desktop could do it.

Problem: When the MD server is locked, any one can simply bypass the "locked

server" security and can do anything they want.

Description: If a mail server administrator wanted to deny access to MD

server , he right clicks on the system tray Icon and select "lock server"

and then MDaemon will ask for a password and again ask to confirm it.

Whenever you wanted to open MD window, you double click on the icon at

system tray, MD will ask for the password. If you enter the correct

password, you will be allowed inside.

The security could be bypassed here. Just double click on the system tray

icon of MDaemon to start. Now, MDaemon will prompt for the password. Without

entering any password the, just click on Cancel button. AND IMMEDIATELY


you wanted to do with MDaemon and then safe minimize it to close the window.

This is exploit can be used to add/delete/modify any email accounts and

mailing list. also new domains could be added. Any mails to any accounts

could be forwarded and a lot more.

I found this problem even in the very early versions of MDaemon. Two weeks

back I sent an email to ALT.COM asking for their email address to report the

security problem in MDaemon and they never replied. And I used their website

to send a message and I received NO reply at all.

So, I decided to post this message to BUGTRAQ and also CC to MDaemon Beta


Thank you all




"Intelligence is when you discover something no one else has,"

(C) 1999-2000 All rights reserved.