Cross-site Scripting vulnerability in MailEnable webmail


SYMPTOMS

MailEnable Professional and Enterprise versions are prone to cross-site scripting vulnerabilities because user-supplied input received via the "Username" parameter of the "ForgottonPassword.aspx" page is not properly sanitized (CVE-2012-0389). A user who clicks a specially crafted URL could give an attacker access to that user's webmail cookies. The affected versions of MailEnable are:

MailEnable Professional, Enterprise & Premium 4.26 and earlier
MailEnable Professional, Enterprise & Premium 5.52 and earlier
MailEnable Professional, Enterprise & Premium 6.02 and earlier

MailEnable Standard is not affected.

CAUSE

This is caused by the input to the forgotten password page (specifically the username) not being sanitised.

RESOLUTION

Users of MailEnable 5 and 6 can resolve the issue by upgrading to version 5.53 or 6.03 or later. Alternatively, and for version 4 users, the following fix can be applied:

  1. Open the ForgottenPassword.aspx file in Notepad. This file is in the Mail Enable\bin\NETWebMail\Mondo\lang\[language] folders in version 4 and in Mail Enable\bin\NETWebMail\Mondo\lang\sys in versions 5 and 6.
  2. Locate and remove the following line, then save the file:

         document.getElementById("txtUsername").value = '<%= Request.Item("Username") %>'<%= Request.Item("Username") %>;
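
Version 4 keeps a copy of the page in each language folder, so the manual fix is easy to miss in one of them. The Python script below is an added example, not part of MailEnable's article or product: it walks the webmail folder given as its first argument and reports every copy of the page that still contains the `<%= Request.Item("Username") %>` expression. The folder tree it builds when run without arguments is a constructed sample.

```python
import re
import sys
import tempfile
from pathlib import Path

# The page spells the file both "ForgottenPassword.aspx" and "ForgottonPassword.aspx".
PAGE_NAME = re.compile(r"^forgott[eo]npassword\.aspx$", re.IGNORECASE)
# Inline expression that writes the raw "Username" request value into the page.
REFLECTION = re.compile(r'<%=\s*Request\.Item\(\s*"Username"\s*\)\s*%>', re.IGNORECASE)


def audit(webmail_root):
    """Map each copy of the page to the line numbers that still reflect Username."""
    results = {}
    for path in sorted(Path(webmail_root).rglob("*")):
        if path.is_file() and PAGE_NAME.match(path.name):
            text = path.read_text(encoding="utf-8", errors="replace")
            results[str(path)] = [n for n, line in enumerate(text.splitlines(), 1)
                                  if REFLECTION.search(line)]
    return results


def build_sample_tree(root):
    """Constructed sample: 'en' still has the line from the article, 'de' is fixed."""
    vulnerable = '''<script>
document.getElementById("txtUsername").value = '<%= Request.Item("Username") %>'<%= Request.Item("Username") %>;
</script>
'''
    for lang, body in (("en", vulnerable), ("de", "<script>\n</script>\n")):
        folder = Path(root) / "Mondo" / "lang" / lang
        folder.mkdir(parents=True)
        (folder / "ForgottenPassword.aspx").write_text(body, encoding="utf-8")


def main(argv):
    """Audit argv[1] if given, otherwise the constructed sample; exit 1 on findings."""
    if len(argv) > 1:
        findings = audit(argv[1])
    else:
        with tempfile.TemporaryDirectory() as tmp:
            build_sample_tree(tmp)
            findings = audit(tmp)
    for path, lines in findings.items():
        print(path, "-> STILL REFLECTS Username, line(s) %s" % lines if lines else "-> ok")
    return 1 if any(findings.values()) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A non-zero exit status means at least one copy of the page still needs the line removed.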

REFERENCES

CVE Identifier for this vulnerability is CVE-2012-0389.

 



Product: MailEnable
Category: Other
Article: ME020567
Module: General
Class: BUG: Product Defect/Bug
Revised: Wednesday, May 4, 2016
Publisher: MailEnable