Tuesday 22 March 2016

cPanel - Access Restrictions On Mail Routing Information




cPanel TSR-2015-0003 Full Disclosure



Access restrictions on mail routing information not properly enforced.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)


The WHM, cPanel and Webmail interfaces each provide the ability to trace the route that email delivery takes. This routing information includes details about how email is routed internally on the server for local delivery destinations. Access restrictions were not correctly enforced in these interfaces, allowing users with limited privileges to view the private email routing details of other accounts.

Technical Details:

The "email" parameter in mail routing information was not properly validating the authorization which allow any low privilege user to access other user mail routing information just by changing the "email" parameter value to victim user email.
POC Video

No comments:

Post a Comment