A brand new unpatched safety vulnerability has been disclosed within the open-source Horde Webmail consumer that could possibly be exploited to realize distant code execution on the e-mail server just by sending a specifically crafted e-mail to a sufferer.
“As soon as the e-mail is considered, the attacker can silently take over the whole mail server with none additional person interplay,” SonarSource stated in a report shared with The Hacker Information. “The vulnerability exists within the default configuration and might be exploited with no information of a focused Horde occasion.”
The difficulty, which has been assigned the CVE identifier CVE-2022-30287, was reported to the seller on February 2, 2022. The maintainers of the Horde Undertaking didn’t instantly reply to a request for remark concerning the unresolved vulnerability.
At its core, the problem makes it potential for an authenticated person of a Horde occasion to run malicious code on the underlying server by benefiting from a quirk in how the consumer handles contact lists.
This will then be weaponized in reference to a cross-site request forgery (CSRF) assault to set off the code execution remotely.
CSRF, additionally referred to as session using, occurs when an online browser is tricked into executing a malicious motion in an software to which a person is logged in. It exploits the belief an online software has in an authenticated person.
“In consequence, an attacker can craft a malicious e-mail and embrace an exterior picture that when rendered exploits the CSRF vulnerability with out additional interplay of a sufferer: the one requirement is to have a sufferer open the malicious e-mail.”
The disclosure comes somewhat over three months after one other nine-year-old bug within the software program got here to gentle, which might allow an adversary to achieve full entry to e-mail accounts by previewing an attachment. This subject has since been resolved as of March 2, 2022.
In gentle of the truth that Horde Webmail is not actively maintained since 2017 and dozens of safety flaws have been reported within the productiveness suite, customers are beneficial to modify to another service.
“With a lot belief being positioned into webmail servers, they naturally develop into a extremely
attention-grabbing goal for attackers,” the researchers stated.
“If a classy adversary might compromise a webmail server, they’ll intercept each despatched and acquired e-mail, entry password-reset hyperlinks, delicate paperwork, impersonate personnel and steal all credentials of customers logging into the webmail
service.”
