Tuesday, 22 March 2016

cPanel - Access Restrictions On Mail Routing Information




Source:

https://forums.cpanel.net/threads/cpanel-tsr-2015-0003-full-disclosure.472921/

https://www.isspcs.org/render.html?it=23020



cPanel TSR-2015-0003 Full Disclosure

SEC-22

Summary

Access restrictions on mail routing information not properly enforced.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)

Description

The WHM, cPanel and Webmail interfaces each provide the ability to trace the route that email delivery takes. This routing information includes details about how email is routed internally on the server for local delivery destinations. Access restrictions were not correctly enforced in these interfaces, allowing users with limited privileges to view the private email routing details of other accounts.



Technical Details:



The "email" parameter in mail routing information was not properly validating the authorization which allow any low privilege user to access other user mail routing information just by changing the "email" parameter value to victim user email.
POC Video

No comments:

Post a Comment

Featured post

Pentesting Node.js Application : Nodejs Application Security

Pentesting Node.js Application : Nodejs Application Security Hello folks, Today we will see how we can do Pentesting Of NodeJS Appli...

Popular Posts