Webmail Bug Lets Hackers Take Over Server by Sending Email

Vulnerability in the open-source Horde Webmail client.
Authenticated users of an instance could run malicious code.
Horde Webmail maintenance stopped in 2017.

Introduction:
A new unpatched security vulnerability has been disclosed in the open-source Horde Webmail client that could be exploited to achieve remote code execution on the email server simply by sending a specially crafted email to a victim. Once the email is viewed, the attacker can silently take over the complete mail server without any further user interaction. The vulnerability exists in the default configuration and can be exploited with no knowledge of a targeted Horde instance.

Details:
The issue, which has been assigned the CVE identifier CVE-2022-30287, was reported to the vendor on February 2, 2022. The maintainers of the Horde Project did not immediately respond to a request for comment regarding the unresolved vulnerability. At its core, the issue makes it possible for an authenticated user of a Horde instance to run malicious code on the underlying server by taking advantage of a quirk in how the client handles contact lists.

Currently:
Cross-site request forgery (CSRF), also called session riding, happens when a web browser is tricked into executing a malicious action in an application to which a user is logged in. It exploits the trust a web application has in an authenticated user. As a result, an attacker can craft a malicious email and include an external image that, when rendered, exploits the CSRF vulnerability without further interaction from the victim: the only requirement is that the victim opens the malicious email.
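A mail-gateway check for the pattern described above, added here as an illustration and not taken from the original article or the Horde project: it flags HTML mail whose images point back at the webmail's own origin, since those are the requests a logged-in browser sends with the session attached. The hostname `webmail.example.org`, the function names and the sample message are assumptions.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hostname(s) under which your own webmail is served.
WEBMAIL_HOSTS = {"webmail.example.org"}

class ImgCollector(HTMLParser):
    """Collect <img src> values, i.e. URLs fetched automatically on render."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "img" and src:
            self.urls.append(src.strip())

def self_referencing_images(raw_message, webmail_hosts=WEBMAIL_HOSTS):
    """Return image URLs in HTML parts that resolve to the webmail itself."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = ImgCollector()
        collector.feed(part.get_content())
        for url in collector.urls:
            parts = urlsplit(url)
            if parts.scheme in ("cid", "data"):
                continue  # embedded content, no request is sent
            host = (parts.hostname or "").lower()
            # A relative URL resolves against the webmail's own origin.
            if not host or host in webmail_hosts:
                hits.append(url)
    return hits

# Constructed sample message; the path and parameters are placeholders.
SAMPLE = """\
From: sender@example.net
Subject: Quarterly report
Content-Type: text/html; charset="utf-8"

<html><body><p>Figures attached.</p>
<img src="https://cdn.example.net/logo.png">
<img src="https://webmail.example.org/app/action.php?do=change&amp;id=1">
</body></html>
"""
```

A hit is a reason to quarantine or strip the image before delivery; it does not replace CSRF tokens on the application side.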

Additional Security Info:
The disclosure comes a little over three months after another nine-year-old bug in the software came to light, which could permit an adversary to gain complete access to email accounts by previewing an attachment. This issue has since been resolved as of March 2, 2022. Because Horde Webmail has not been actively maintained since 2017 and dozens of security flaws have been reported in the productivity suite, users are recommended to switch to an alternative service.

Closing:
With so much trust being placed in webmail servers, they naturally become a highly interesting target for attackers. If a sophisticated adversary compromises a webmail server, they can intercept every sent and received email, access password-reset links and sensitive documents, impersonate personnel, and steal the credentials of all users logging into the webmail service.

Reference link for the full story:
New Unpatched Horde Webmail Bug Lets Hackers Take Over Server by Sending Email.

This information is brought to you by Vectech Solutions, The Gold Standard in Cybersecurity