MailDepot 2032 SP2 (2.2.1242) Authorization Bypass

Posted by deepcore on October 3, 2020 – 1:25 pm

MailDepot version 2032 SP2 (2.2.1242) suffers from an improper authorization vulnerability. The REDDOXX MailDepot web service does not correctly verify whether a user has the proper rights to access specified mailboxes in a corresponding web service request. The web service request will only be processed if it contains a valid authentication token (usual REST web service), but the names of the mailboxes to be accessed are given within a JSON object which is not validated properly regarding user access permissions. Thus, any authenticated user can access mailboxes of other users due to improper authorization checks.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Platinum Mobile 1.0.4.850 Authorization Bypass FusionAuth-SAMLv2 0.2.3 Message Forging »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

MailDepot 2032 SP2 (2.2.1242) Authorization Bypass

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL