Horde Webmail is vulnerable: attackers could target a security gap. Security researchers from Sonar warn that there will probably be no security update.
In a warning message, the discoverers of the vulnerability (CVE-2022-30287) write that the project is probably no longer maintained. They advise users to move away from the software and use a different webmailer.
The severity of the vulnerability has not yet been rated. According to the security researchers' article, attackers could execute malicious code on the underlying server after a successful attack.
This is usually classified as “critical”. According to the article, however, attackers must at least be authenticated in order to send crafted emails. In that case, a rating of “high” suggests itself. In addition, attackers could see the victim's credentials in plain text. It should be sufficient for the victim to open the email; no further interaction is necessary.
According to the researchers, Horde instances running the current version with the default settings are vulnerable to attack.