Web Security Geeks - The Security Blog: cPanel - Access Restrictions On Mail Routing Information

Tuesday 22 March 2016

cPanel - Access Restrictions On Mail Routing Information

Source:

https://forums.cpanel.net/threads/cpanel-tsr-2015-0003-full-disclosure.472921/

https://www.isspcs.org/render.html?it=23020

cPanel TSR-2015-0003 Full Disclosure

SEC-22

Summary

Access restrictions on mail routing information not properly enforced.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)

Description

The WHM, cPanel and Webmail interfaces each provide the ability to trace the route that email delivery takes. This routing information includes details about how email is routed internally on the server for local delivery destinations. Access restrictions were not correctly enforced in these interfaces, allowing users with limited privileges to view the private email routing details of other accounts.

Technical Details:

The "email" parameter in mail routing information was not properly validating the authorization which allow any low privilege user to access other user mail routing information just by changing the "email" parameter value to victim user email.

POC Video

Web Security Geeks - The Security Blog

Pages

Disqus Shortname

Tuesday 22 March 2016

cPanel - Access Restrictions On Mail Routing Information

No comments:

Post a Comment