Hacking

Horde Webmail Software is affected by a dangerous bug since 2012

Experts found a nine-year-old unpatched flaw in the Horde Webmail software that could allow access to email accounts.

A feature in the Horde Webmail is affected by a nine-year-old unpatched security vulnerability that could be abused to gain complete access to email accounts simply by previewing an attachment.

Horde Webmail is a free, enterprise-ready, and browser-based communication suite developed by the Horde project. This webmail solution is widely adopted by universities and government agencies.

“We discovered a code vulnerability in Horde that allows an attacker to gain full access to the email account of a victim when it loads the preview of a harmless-looking email attachment.” reads a report published by Sonarsource. “This gives the attacker access to all sensitive and perhaps secret information a victim has stored in their email account and could allow them to gain further access to the internal services of an organization.”

The vulnerability discovered by Sonarsource is a stored XSS vulnerability that was introduced with the commit 325a7ae, 9 years ago. The bug affects all the versions since the commit that took place on 30 Nov 2012.

The issue can be triggered by previewing a specially crafted OpenOffice document to execute a malicious JavaScript payload. Upon exploiting the issue, the attacker can steal all emails the victim has sent and received.

“An attacker can craft an OpenOffice document that when transformed to XHTML by Horde for preview can execute a malicious JavaScript payload.” continues the report. “The vulnerability triggers when a targeted user views an attached OpenOffice document in the browser.”

In the worst case, the attacker can compromise an administrator account and take over the webmail server.

Sonarsource reported this flaw almost 6 months ago, there is currently no official patch available. 

The researchers recommend disabling the rendering of OpenOffice attachments. Administrators can edit the config/mime_drivers.php file in the content root of their Horde installation add the

'disable' => true 

configuration option to the OpenOffice mime handler:

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Horde Webmail)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

How Interlock Ransomware Affects the Defense Industrial Base Supply Chain

Interlock Ransomware 's attack on a defense contractor exposed global defense supply chain details, risking…

9 hours ago

Marks and Spencer confirms data breach after April cyber attack

Marks and Spencer (M&S) confirms that threat actors stole customer data in the ransomware attack…

11 hours ago

Moldovan Police arrested a 45-year-old foreign man participating in ransomware attacks on Dutch companies

A 45-year-old foreign man has been arrested in Moldova for allegedly participating in ransomware attacks…

17 hours ago

APT group exploited Output Messenger Zero-Day to target Kurdish military operating in Iraq

A Türkiye-linked group used an Output Messenger zero-day to spy on Kurdish military targets in…

18 hours ago

Apple released security updates to fix multiple flaws in iOS and macOS<gwmw style="display:none;"></gwmw>

Apple released security updates to address easily exploitable vulnerabilities impacting iOS and macOS devices. Apple…

23 hours ago

U.S. CISA adds TeleMessage TM SGNL to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds TeleMessage TM SGNL flaw to its Known…

1 day ago