CHT Security Discovered Several Vulnerabilities in Well-known Japanese Email System
CHT Security Red Team discovered two vulnerabilities (CVE-2020-5540 and CVE-2020-5541) in a well-known Japanese email system: a Cross-Site Scripting (XSS) flaw and an Open Redirect flaw. More than 40 organizations in the government, education and financial sectors are affected. The vulnerabilities are briefly described as follows:
CVE-2020-5540: An attacker can perform cross-site scripting without first authenticating, so script injected into a page served before login runs in the victim's browser. This vulnerability exists in multiple versions of the email system. It is classified as A7:2017-Cross-Site Scripting (XSS) in the OWASP Top 10 2017.
CVE-2020-5541: The application redirects or forwards users to a destination it does not validate, so an attacker can craft a link on the legitimate email domain that lands on a site of the attacker's choosing. This vulnerability exists in multiple versions of the email system. It is classified as CWE-601: URL Redirection to Untrusted Site ('Open Redirect').
The email system is one of an enterprise's core systems. Once it is compromised, emails, which may contain personal identification and internal organizational information, can be leaked. Enterprises often overlook the criticality of the email system because they typically run packaged software or subscribe to a hosted service and assume the vendor has secured it.
In our penetration testing team's experience, vulnerabilities in web-based email systems are found frequently. The XSS and Open Redirect in this case are common vulnerability classes, and both are well suited to phishing: the malicious link starts on the organization's own trusted domain, which makes identity theft and credential harvesting far more convincing.
The vendor released patches after receiving our report. If your organization or enterprise uses the affected email system, contact the vendor and apply the patches and updates as soon as possible.
CHT Security also recommends the following measures:
- Enterprise: Contact the vendor to install the patch as soon as possible.
- Email system vendor: Implement input validation in the applications, together with context-appropriate output encoding for XSS and an allowlist check of redirect targets for open redirects (input validation alone does not stop either class reliably). It is recommended to adopt a Secure Software Development Life Cycle (SSDLC), provide secure coding training, and regularly conduct security tests, such as source code security analysis and penetration testing, to effectively ensure product security for clients.
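As an added example of the vendor-side fixes recommended above (this is illustrative code written for this page, not CHT Security's or the affected vendor's code, and the hostname `mail.example.jp`, the parameter shapes and the function names are assumptions), the following shows a redirect-target validator that closes the usual CWE-601 bypasses and an output-encoding helper for the XSS side:

```python
# Added example (not the vendor's or CHT Security's code): a redirect-target
# validator for CWE-601 and an HTML output-encoding helper for XSS.
# ALLOWED_HOSTS, the function names and the sample inputs are assumptions.
from html import escape
from urllib.parse import urlsplit, urlunsplit

ALLOWED_HOSTS = {"mail.example.jp"}  # assumed hostname of the mail front end


def safe_redirect_target(candidate: str, default: str = "/") -> str:
    """Return `candidate` only if it stays on this site, otherwise `default`.

    Rejects the common open-redirect bypass shapes: absolute URLs to other
    hosts, protocol-relative "//evil.example", backslash variants that
    browsers treat as slashes, non-http(s) schemes such as javascript:, and
    userinfo tricks such as "https://mail.example.jp@evil.example/".
    """
    if not isinstance(candidate, str) or not candidate:
        return default
    # Browsers normalise backslashes to forward slashes, so "/\evil.example"
    # would otherwise be misread as a harmless relative path.
    normalised = candidate.replace("\\", "/").strip()
    parts = urlsplit(normalised)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return default  # javascript:, data:, vbscript:, ...
    if parts.netloc:
        # Absolute or protocol-relative URL: compare the parsed hostname, not
        # the raw netloc, which can carry "user@" or ":port" decorations.
        if parts.hostname is None or parts.hostname.lower() not in ALLOWED_HOSTS:
            return default
        # Rebuild canonically: https only, no userinfo, port or fragment.
        return urlunsplit(("https", parts.hostname, parts.path or "/", parts.query, ""))
    # No host: accept only a single-slash site-relative path ("//" was a
    # protocol-relative URL and already handled above via netloc).
    if not normalised.startswith("/") or normalised.startswith("//"):
        return default
    return normalised


def render_login_notice(display_name: str) -> str:
    """Embed untrusted text in HTML using contextual output encoding."""
    return "<p>Signed in as %s</p>" % escape(display_name, quote=True)


if __name__ == "__main__":
    # Constructed sample inputs of the kind a phishing link would carry.
    for target in ("/inbox?folder=sent", "//evil.example/phish",
                   "/\\evil.example/phish", "https://mail.example.jp@evil.example/",
                   "javascript:alert(1)", "https://mail.example.jp/inbox"):
        print(repr(target), "->", safe_redirect_target(target))
    print(render_login_notice("<script>alert(1)</script>"))
```

The validator rebuilds absolute targets from the parsed hostname rather than echoing the original string, so whatever decoration the attacker added (userinfo, odd port, backslashes) never reaches the Location header; the encoding helper is the complement on the XSS side, since a value that passes input validation can still break out of HTML if it is emitted raw.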
These CVEs have been acknowledged on the Japanese vulnerability information portal, Japan Vulnerability Notes (JVN), and covered by several Japanese information security media sites, including the following:
1. https://scan.netsecurity.ne.jp/article/2020/08/13/44435.html
2. https://www.security-next.com/117513
3. https://www.excite.co.jp/news/article/Scannetsecurity_44435/