Eircom Webmail App.

We recently found a critical vulnerability in the Eircom webmail application that allowed us to take over any user account.

We have been trying for months to contact Eircom about this issue without any success, so we decided to write an article about it. After reading this article you will know where is client-side data stored, how to get the cookie of any user, and some more info.

Read About the article: Eircom Webmail

Details about the vulnerability:

As with many webmail applications, Eircom stores the credentials of its users on the client-side (in this case JavaScript). Storing passwords on the client-side is not a very good practice since an attacker can reverse the password hash, find out where they are stored and use the application as if she was the legitimate user.

The way Eircom implemented this functionality is by using JavaScript objects called “localStorage” and “sessionStorage”. These local storage objects are similar to other variables, but they are stored on the client-side instead of the server-side. You can access or modify them with another html5 feature named “Web Workers”.