Tuesday, 22 March 2016

cPanel - Access Restrictions On Mail Routing Information




Source:

https://forums.cpanel.net/threads/cpanel-tsr-2015-0003-full-disclosure.472921/

https://www.isspcs.org/render.html?it=23020



cPanel TSR-2015-0003 Full Disclosure

SEC-22

Summary

Access restrictions on mail routing information not properly enforced.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)

Description

The WHM, cPanel and Webmail interfaces each provide the ability to trace the route that email delivery takes. This routing information includes details about how email is routed internally on the server for local delivery destinations. Access restrictions were not correctly enforced in these interfaces, allowing users with limited privileges to view the private email routing details of other accounts.



Technical Details:



The "email" parameter in mail routing information was not properly validating the authorization which allow any low privilege user to access other user mail routing information just by changing the "email" parameter value to victim user email.
POC Video

No comments:

Post a Comment

Featured post

Yandex IMAP Brute Forcing(No Rate Limit For Login Attempts)

Hello Guyzssss, I am not in bug bounty so much, But while using one of the yandex service, I found that there was no Rate Limit Deploye...

Popular Posts