Top open source email platform hacked to steal user details


Hackers are abusing a vulnerability in Roundcube Webmail to steal emails and other sensitive data, new reports have claimed.

Cybersecurity experts from Positive Technologies sounded the alarm, saying the popular email client carries a flaw that is being actively exploited against government organizations in the Commonwealth of Independent States (CIS) region (former Soviet Union).

Roundcube Webmail is a popular browser-based email client with a user-friendly interface that mimics the look and feel of a desktop application. It supports standard email protocols like IMAP and SMTP, and offers features such as message search, contact management, and plugin customization.

Hiding with HTML

The bug is tracked as CVE-2024-37383, and described as a medium-severity stored cross-site scripting (XSS) flaw, allowing the execution of malicious JavaScript on the Roundcube page.

To trigger the vulnerability, the crooks would draft and send a special email. The email’s body appears empty, and only comes with a .DOC attachment. But the attackers would hide harmful code in the email using specific HTML tags (in this case, the tag), which is processed by the email client, while being invisible to the target user.

The payload is a piece of JavaScript code masquerading as a ‘href’ value. It downloads a decoy .DOC file, while injecting an unauthorized login form into the HTML page, which requests messages from the mail server. The form prompts the victim for their username and password, which are then relayed to the attackers.

All versions up to 1.5.6, as well as versions between 1.6 and 1.6.6, were said to be vulnerable to the flaw. Versions 1.5.7 and 1.6.7, released on May 19, are the earliest ones to have addressed the bug, and users are advised to upgrade their clients as soon as possible.
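For administrators tracking several installations, the version ranges above can be turned into a quick triage check. The following is an added example, not code from the article or from the Roundcube project; the `<host> <version>` inventory format, the host names and the function names are assumptions made for illustration.

```python
import re

# Fixed releases named in the article; earlier releases on each line are affected.
FIXED_15 = (1, 5, 7)   # "all versions up to 1.5.6" are affected
FIXED_16 = (1, 6, 7)   # "1.6 to 1.6.6" are affected

VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(.*)$")

def parse_version(text):
    """Split '1.6.6', '1.6' or '1.6.7-rc' into ((major, minor, patch), suffix)."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, suffix = m.groups()
    return (int(major), int(minor), int(patch or 0)), suffix

def classify(version_text):
    """Return 'upgrade', 'ok' or 'review' for one reported Roundcube version."""
    try:
        version, suffix = parse_version(version_text)
    except ValueError:
        return "review"  # cannot tell from the string, check by hand
    fixed = FIXED_16 if version[:2] == (1, 6) else FIXED_15
    if version < fixed:
        return "upgrade"
    # A suffixed build (e.g. '-rc', '-git') at or above the fixed number may
    # predate the release that carries the fix, so it is not marked clean.
    return "review" if suffix else "ok"

def triage(inventory_lines):
    """Map host -> classification for lines of the form '<host> <version>'."""
    report = {}
    for line in inventory_lines:
        fields = line.split()
        if len(fields) == 2:
            report[fields[0]] = classify(fields[1])
    return report

# Constructed inventory for illustration; not data from the article.
SAMPLE_INVENTORY = [
    "mail-a 1.6.6", "mail-b 1.6.7", "mail-c 1.5.7",
    "mail-d 1.4.15", "mail-e 1.6.7-rc", "mail-f unknown",
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:8} {status}")
```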


Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
