Vendor: Imail and WS_FTP Server
By: Unknown
CVSS: 7.5 (HIGH)
Type: Privilege Escalation
CWE: 269
Product Name: Imail and WS_FTP Server
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:ipswitch:imail
Metasploit:
Other Scripts:
Platforms Tested: Unknown

Privilege Escalation in Imail and WS_FTP Server

Non-administrative Imail and WS_FTP Server users can elevate their privileges to administrator by modifying a specific registry value. Once they have obtained administrative privileges, they can use the application interface locally to perform various actions like reading email, creating accounts, deleting accounts, etc.

Mitigation: Unknown

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/218/info

Non-administrative Imail and WS_FTP Server users may elevate their privileges to administrator for these applications by modifying a specific registry value. Once a person has obtained administrative privileges, they may use the application interface (locally) to read email, create accounts, delete accounts, etc. 

Access the following registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Ipswitch\IMail\Domains\Machine_name\Users\Username"
Modify the Flag value to read "1920". 1920 gives the user account administrator permissions to IMail and WS_FTP Server. 
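
An audit sketch for administrators, added here and not part of the original advisory or any vendor tooling: it lists IMail user keys under the path above whose Flag equals 1920, and any non-administrative principals whose ACL entries allow writing to those keys. The function name and the trusted-SID list are hypothetical, and it assumes Flag is stored as a string or number that reads back as 1920.

```powershell
# Added example, not from the advisory. Run from an elevated prompt.
$root      = 'HKLM:\SOFTWARE\Ipswitch\IMail\Domains'
$adminFlag = '1920'                      # value the advisory ties to administrator permissions
$trusted   = 'S-1-5-18', 'S-1-5-32-544'  # assumption: only SYSTEM and BUILTIN\Administrators should write
$sidType   = [System.Security.Principal.SecurityIdentifier]
# Rights that let a principal change Flag directly or take control of the key
$writeMask = [int][System.Security.AccessControl.RegistryRights]'SetValue, ChangePermissions, TakeOwnership'

function Get-IMailUserAudit {            # hypothetical helper name
    param([string]$DomainsRoot = $root)
    if (-not (Test-Path -Path $DomainsRoot)) { return }
    foreach ($domain in Get-ChildItem -Path $DomainsRoot) {
        $usersPath = Join-Path $domain.PSPath 'Users'
        if (-not (Test-Path -Path $usersPath)) { continue }
        foreach ($user in Get-ChildItem -Path $usersPath) {
            $flag = (Get-ItemProperty -Path $user.PSPath -Name Flag -ErrorAction SilentlyContinue).Flag
            # Allow ACEs that apply to this key (not inherit-only) and grant write-type rights
            $writers = (Get-Acl -Path $user.PSPath).GetAccessRules($true, $true, $sidType) |
                Where-Object {
                    $_.AccessControlType -eq 'Allow' -and
                    "$($_.PropagationFlags)" -notmatch 'InheritOnly' -and
                    (([int]$_.RegistryRights -band $writeMask) -ne 0) -and
                    ($trusted -notcontains $_.IdentityReference.Value)
                } |
                ForEach-Object { $_.IdentityReference.Value } |
                Sort-Object -Unique
            [pscustomobject]@{
                Domain          = $domain.PSChildName
                User            = $user.PSChildName
                Flag            = $flag
                IsAdmin         = ("$flag" -eq $adminFlag)
                NonAdminWriters = $writers -join ', '
            }
        }
    }
}

# Show accounts that already hold the administrator flag, or whose key is writable by others
Get-IMailUserAudit |
    Where-Object { $_.IsAdmin -or $_.NonAdminWriters } |
    Format-Table -AutoSize
```

Rows with IsAdmin set for accounts that should not be administrators, or with any SID listed under NonAdminWriters, are the ones to review.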