[+] Credits: John Page a.k.a hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://ift.tt/2qj4lDq
[+] ISR: ApparitionSec

Vendor:
=============
mailcow.email
mailcow.github.io

Product:
===========
The integrated mailcow UI allows administrative work on your mail server instance as well as separated domain administrator and mailbox user access.

Vulnerability Type:
===================
CSRF Password Reset / Add Admin / Delete Domains

CVE Reference:
==============
CVE-2017-8928

Security Issue:
================
mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF vulnerabilities. If an authenticated mailcow user visits a malicious webpage, remote attackers can execute the following exploits.

1) reset admin password
2) add arbitrary admin
3) delete domains

Other issues found in mailcow are as follows:

Session fixation:
=================
Session ID: the pre-authentication and post-authentication session IDs are the same; the ID does not change upon successful login.

ms22jsnl1dcpc4519rvpvfj0n6 - pre-authentication
ms22jsnl1dcpc4519rvpvfj0n6 - post-authentication

World Readable Private key "key.pem"
====================================
john@debian:/usr/local/mailcow-dockerized-master/data/assets/ssl$ whoami
john
john@debian:/usr/local/mailcow-dockerized-master/data/assets/ssl$ cat key.pem
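The two server-side controls whose absence the CSRF and session-fixation findings above describe, written as an added example for a PHP session-based web UI. This is illustrative code, not mailcow's own; the helper names (csrf_token, csrf_verify, require_csrf, login_user) and the `_csrf` field name are assumptions.

```php
<?php
// Added example, not mailcow's code. Helper names and the `_csrf` field are
// assumptions; session_start() must have been called before any of these run.

declare(strict_types=1);

const CSRF_KEY = '_csrf';

// Issue a per-session anti-CSRF token. It is created once and reused so that
// several forms on one page share it; embed it as a hidden field and compare
// it on every state-changing request (password reset, add admin, delete
// domain). A cross-site page cannot read it, so a forged POST lacks it.
function csrf_token(): string
{
    if (empty($_SESSION[CSRF_KEY])) {
        $_SESSION[CSRF_KEY] = bin2hex(random_bytes(32));
    }
    return $_SESSION[CSRF_KEY];
}

// Verify a submitted token. hash_equals() compares in constant time, so the
// check does not leak the token one byte at a time.
function csrf_verify(?string $submitted): bool
{
    if ($submitted === null || empty($_SESSION[CSRF_KEY])) {
        return false;
    }
    return hash_equals($_SESSION[CSRF_KEY], $submitted);
}

// Gate for every POST handler that changes state: reject the request
// outright when the token is missing or wrong.
function require_csrf(): void
{
    $token = $_POST[CSRF_KEY] ?? null;
    if (!csrf_verify($token)) {
        http_response_code(403);
        exit('invalid CSRF token');
    }
}

// Rotate the session ID on successful authentication. Whatever ID the browser
// held before login (possibly planted or observed by someone else) is
// discarded, so the pre-auth and post-auth IDs can no longer be identical.
function login_user(string $username): void
{
    session_regenerate_id(true);   // true = delete the old session data
    $_SESSION['user'] = $username;
    unset($_SESSION[CSRF_KEY]);    // new session, new token
}

// Usage sketch for a form handler:
// session_start();
// if ($_SERVER['REQUEST_METHOD'] === 'POST') {
//     require_csrf();
//     // ... perform the password reset / admin add / domain delete ...
// }
// echo '<input type="hidden" name="' . CSRF_KEY . '" value="'
//     . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
```

The token check is what stops the three forged actions listed above; the `session_regenerate_id(true)` call at login is what makes the pre- and post-authentication IDs differ. On PHP 7.3 or later, setting the session cookie with `session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true, 'secure' => true])` before `session_start()` adds a second layer, since the browser then omits the session cookie from cross-site POSTs.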