Unpatched Bug in RainLoop Webmail Could Give Hackers Access to all Emails

April 21, 2022

An unpatched high-severity security flaw has been disclosed in the open-source RainLoop web-based email client that could be weaponized to siphon emails from victims’ inboxes.

“The code vulnerability […] can be effortlessly exploited by an attacker by sending a malicious email to a target that employs RainLoop as a mail client,” SonarSource security researcher Simon Scannell said in a report released this week.

“When the email is considered by the victim, the attacker gains full management over the session of the target and can steal any of their e-mails, together with those that include hugely delicate information such as passwords, files, and password reset links.”

Tracked as CVE-2022-29360, the flaw is a stored cross-site scripting (XSS) vulnerability impacting the latest version of RainLoop (v1.16.) that was introduced on May 7, 2021.

Stored XSS flaws, also known as persistent XSS, occur when a malicious script is injected directly into a target web application’s server by means of user input (e.g., a comment field) that is permanently stored in a database and is later served to other users.

Impacting all RainLoop installations running under default configurations, attack chains leveraging the flaw could take the form of a specially crafted email sent to potential victims that, when viewed, executes a malicious JavaScript payload in the browser without requiring any user interaction.
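The defence against this class of bug in a webmail client is to rebuild each HTML message body from an allowlist before it reaches the reading pane. The sketch below is an added example, not RainLoop's or SnappyMail's code, and it does not reproduce CVE-2022-29360; the tag and attribute policy and the names `MailSanitizer` and `sanitize_mail_html` are assumptions made for illustration.

```python
import html
import re
from html.parser import HTMLParser
# Assumed policy for this example: tag -> attributes allowed on it.
ALLOWED = {"a": {"href"}, "img": {"src", "alt"}, "p": set(), "br": set(), "b": set()}
VOID = {"br", "img"}                      # elements with no closing tag
DROP_CONTENT = {"script", "style"}        # element text is discarded too
SAFE_URL = re.compile(r"(?:https?|mailto):", re.I)

class MailSanitizer(HTMLParser):
    """Rebuild the message from parsed tokens, emitting only allowlisted markup."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skipping = [], False

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skipping = True
        if self.skipping or tag not in ALLOWED:
            return                        # unknown tag dropped, its text is kept
        kept = []
        for name, value in attrs:
            value = value or ""
            if name not in ALLOWED[tag]:
                continue                  # drops onerror=, style=, ...
            if name in ("href", "src"):
                # Browsers ignore control chars and whitespace inside a scheme.
                value = re.sub(r"[\x00-\x20\x7f]", "", value)
                if not SAFE_URL.match(value):
                    continue              # drops javascript:, data:, relative URLs
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skipping = False
        elif not self.skipping and tag in ALLOWED and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skipping:
            self.out.append(html.escape(data))   # text is always re-escaped

def sanitize_mail_html(body: str) -> str:
    parser = MailSanitizer()
    parser.feed(body)
    parser.close()
    return "".join(parser.out)
```

Because the output is regenerated from parsed tokens and never copied from the input, markup the policy does not name cannot pass through unchanged.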

SonarSource, in its disclosure timeline, said that it notified the maintainers of RainLoop of the bug on November 30, 2021, and that the software maker has failed to issue a fix for more than four months.

An issue raised on GitHub by the Swiss code quality and security company on December 6, 2021, remains open to date. We have reached out to RainLoop for comment, and we will update the story if we hear back.

In the absence of patches, SonarSource recommends that users migrate to a RainLoop fork called SnappyMail, which is actively maintained and unaffected by the security issue.

Some pieces of this post are sourced from:
thehackernews.com
