CHT Security Discovered Several Vulnerabilities in Well-known Email System

The CHT Security Red Team discovered a Broken Authentication vulnerability (CVE-2020-10511) and an SQL Injection vulnerability (CVE-2020-10512) in a well-known email system. More than 20 organizations across the government, financial and technology sectors are affected. The vulnerabilities are briefly described as follows:


CVE-2020-10511: The system is affected by a privilege escalation vulnerability that allows execution of arbitrary OS commands via a file parameter without authentication. Any user who can access the page can execute OS commands without authenticating. This vulnerability affects many mail systems of governments, organizations, and companies. It is classified as A2 - Broken Authentication in the OWASP Top 10 2017.


CVE-2020-10512: Remote attackers can obtain data without authorization, such as users' accounts and passwords for logging into webmail. When accessing a victim's account, remote attackers can modify the password. Remote attackers can also write arbitrary files, such as a webshell, to the target system. This compromises the confidentiality, integrity and availability of data and the system. The vulnerability is classified as A1 - Injection in the OWASP Top 10 2017.


The email system is one of the core systems of an enterprise. Once it is hacked, emails that may include identification and organization information can be leaked. Enterprises often overlook the criticality of the email system since they usually use packaged software or subscribe to services.


The vendor has released related patches after receiving our report. If your organization or enterprise is using the affected email system, it is recommended to contact the vendor for patching and updating as soon as possible.


CHT Security also recommends the following measures:

  1. Enterprise: Contact the vendor to install the patch as soon as possible.
  2. Email system vendor: Implement input validation in the applications. It is recommended to adopt Secure Software Development Life Cycle (SSDLC), provide secure coding training, and regularly conduct security tests, such as Source Code Security Analysis and Penetration Testing, to effectively ensure product security for the clients.