MailDepot 2032 SP2 (2.2.1242) Authorization Bypass

Posted on 03 October 2020

MailDepot version 2032 SP2 (2.2.1242) suffers from an improper authorization vulnerability. The REDDOXX MailDepot web service does not correctly verify whether a user has the proper rights to access specified mailboxes in a corresponding web service request. The web service request will only be processed if it contains a valid authentication token (usual REST web service), but the names of the mailboxes to be accessed are given within a JSON object which is not validated properly regarding user access permissions. Thus, any authenticated user can access mailboxes of other users due to improper authorization checks.

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

Customer Support System 1.0 Cross Site Scripting
Xhibiter NFT Marketplace 1.10.2 SQL Injection
WordPress WPCode Lite 2.1.14 Cross Site Scripting
Azon Dominator Affiliate Marketing Script SQL Injection
Simple Laboratory Management System 1.0 SQL Injection

Last 20