Unpatched Bug in RainLoop Webmail Could Give Hackers Access to all Emails

April 21, 2022

An unpatched high-severity security flaw has been disclosed in the open-source RainLoop web-based email client that could be weaponized to siphon emails from victims’ inboxes.

“The code vulnerability […] can be effortlessly exploited by an attacker by sending a malicious email to a target that employs RainLoop as a mail client,” SonarSource security researcher Simon Scannell said in a report released this week.

“When the email is considered by the victim, the attacker gains full management over the session of the target and can steal any of their emails, together with those that include hugely delicate information such as passwords, files, and password reset links.”

Tracked as CVE-2022-29360, the flaw relates to a stored cross-site scripting (XSS) vulnerability impacting the newest version of RainLoop (v1.16.) that was introduced on May 7, 2021.

Stored XSS flaws, also known as persistent XSS, manifest when a malicious script is injected directly into a target web application’s server by means of user input (e.g., a comment field) that is permanently saved in a database and is later served to other users.

Impacting all RainLoop installations running under default configurations, attack chains leveraging the flaw could take the form of a specially crafted email sent to potential victims that, when viewed, executes a malicious JavaScript payload in the browser without requiring any user interaction.

SonarSource, in its disclosure timeline, said that it notified the maintainers of RainLoop of the bug on November 30, 2021, and that the software maker has failed to issue a fix for more than four months.

An issue raised on GitHub by the Swiss code quality and security company on December 6, 2021, remains open to date. We have reached out to RainLoop for comment, and we will update the story if we hear back.

In the absence of patches, SonarSource is recommending that users migrate to a RainLoop fork called SnappyMail, which is actively maintained and unaffected by the security issue.

Some pieces of this post are sourced from:
thehackernews.com
