CVE-2000-0397

EMURL - Unauthenticated Session Hijacking via Predictable Session Identifiers

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0397. PoCs published by Pierre Benoit.

AI-analyzed exploit summary This exploit describes an information disclosure and account manipulation vulnerability in Emurl software. It allows an attacker to retrieve a user's email and modify account settings by crafting a specific URL with a user identifier derived from their account name.

Description

The EMURL web-based email account software encodes predictable identifiers in user session URLs, which allows a remote attacker to access a user's email account.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Pierre Benoit · textremotewindows
https://www.exploit-db.com/exploits/19914

This exploit describes an information disclosure and account manipulation vulnerability in Emurl software. It allows an attacker to retrieve a user's email and modify account settings by crafting a specific URL with a user identifier derived from their account name.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Emurl software
No auth needed
Prerequisites: Knowledge of the target's account name
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-05/0160.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1203

Scores

EPSS 0.0272
EPSS Percentile 84.3%

Details

Status published
Products (1)
seattle_lab_software/emurl 2.0
Published May 15, 2000
Tracked Since Feb 18, 2026