PT-2000-1649 · Alt N Technologies · Mdaemon

Published: 2000-10-20 · Updated: 2017-10-10 · CVE-2000-0716

CVSS v2.0: 2.6 (Low)

Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: MDaemon version 2.8

Description: The issue concerns the WorldClient email client in MDaemon. When a user clicks a URL, the session ID is included in the Referer field of the resulting HTTP request. The visited website can read the session ID from that field and potentially hijack the session to access the user's email.

Recommendations: For MDaemon version 2.8, consider restricting access to external URLs from within the email client to minimize the risk of session ID hijacking until a fix is available.

Fix


Related identifiers

CVE-2000-0716

Affected products

Mdaemon