Adrian Pastor found some nasty
CSRF issues in Novell GroupWise WebAccess. The one that is truly evil genius is being able to use CSRF to create a forwarding rule in the victim's email settings, allowing an attacker to get a copy of every email the victim receives. Imagine if an executive in a company fell victim. Talk about information leakage!
The point about CSRF that many people do not understand is that you can fall victim
- without knowing it has happened
- without clicking a malicious link
- without JavaScript enabled in your browser
- with your company having an iron-clad perimeter firewall
The vulnerabilities were responsibly disclosed and Novell has a
patch available. It'd be nice to know how the remediation was done. Alas, I do not have a GroupWise system into which I could dive.