#####################################################################################
#
#   Name    :   SquirrelMail webmail password leak vulnerability
#   Author  :   Xc0re Security Reasearch Group
#   Homepage :   http://www.xc0re.net
#
#####################################################################################

Description :

SquirrelMail leaks its username and password in a fashion that with every post request they also send a base64 encoded username:password along with it! One can use a simple sniffer like ethreal and listen on a next hop proxy or through arp spoofing and manually decode username and password !