P.O.Box 16298, 2087 Acropolis, Nicosia, CYPRUS

PHONE:    +357 70002362

Alt-N MDaemon's WorldClient Disclosure of Authentication Credentials Vulnerability

Software:    Alt-N MDaemon v13.0.3 and prior versions
Vendor:    http://www.altn.com/
Vulnerability Type:    Disclosure of Authentication Credentials
Remote:    Yes
Local:    No
Discovered:    01 October 2012
Reported:    19 December 2012
Disclosed:    18 February 2013
Whitepaper:   Pwning_MDaemon.pdf


Alt-N WorldClient application is prone to an authentication credentials disclosure via a specially formulated HTTP request. This is possible because the application replies to the request with a response that contains the credentials in an encoded (reversible) format.

Attackers may trick an unsuspecting user into opening a malicious email message -using the WorldClient application- and stealing his/her authentication credentials without the user ever noticing.

Alt-N MDaemon v13.0.3 & v12.5.6 were tested and found vulnerable; other versions may also be affected.

PoC Exploit:

Vulnerable URL:

Encoded Auth String:

Decoded Auth String:

PoC Python Script: decode.py