Published:2006/10/12 Last Updated:2008/05/21
JVN#41241092
Kmail CGI authentication bypass vulnerability
Overview
Kmail CGI is a web mail system for cellular phones. Kmail CGI contains a user authentication bypass vulnerability.
Products Affected
- Version 1.0.3 and earlier
Description
Impact
A remote attacker may bypass Kmail CGI's user authentication, and view or delete the emails of Kmail users.
Solution
References
JPCERT/CC Addendum
Credit
Yutaka Kokubu of webappsec.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | |
| JVN iPedia |
JVNDB-2006-000695 |