Email vulnerabilities on Novell GroupWise WebAccess detected


Several vulnerabilities have been detected in Novell GroupWise WebAccess that could allow attackers to steal a user's details simply by tricking them into viewing an email.

ProCheckUp identified one of the vulnerabilities in Novell GroupWise WebAccess as a cross-site request forgery (CSRF) bug. It claimed that by forging the request that adds a new forwarding rule, an attacker can cause a copy of every email sent to the user to be forwarded to the attacker's inbox, giving the attacker access to any confidential information it may contain.

It claimed that all the attacker needs to do is email the victim a malicious link and trick them into clicking on it. Alternatively, the attack can be triggered simply by viewing an email sent by the attacker.
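The CSRF described above works because the request that adds a forwarding rule is accepted on the strength of the victim's browser cookies alone, whether it arrives as a clicked link or as a resource fetched while an email is rendered. The following is an added example, not code from GroupWise, Novell or ProCheckUp, showing the standard server-side checks that defeat this class of attack: a state-changing action must be a POST, must come from the application's own origin, and must carry an anti-CSRF token bound to the session. The origin `https://webaccess.example.com`, the `Session`/`Request` classes and the `add_forwarding_rule` handler are all constructed for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed: the application's own origin, used to reject cross-site requests.
APP_ORIGIN = "https://webaccess.example.com"


@dataclass
class Session:
    """A logged-in user's server-side session (constructed for the example)."""
    user: str
    # Per-session anti-CSRF token: unguessable, never exposed to other origins.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))
    forwarding_rules: list = field(default_factory=list)


@dataclass
class Request:
    """Minimal stand-in for an HTTP request (constructed for the example)."""
    method: str
    headers: dict
    form: dict


def _is_first_party(request):
    """Accept the request only if Origin (or, failing that, Referer) is our own origin."""
    origin = request.headers.get("Origin") or request.headers.get("Referer", "")
    return origin == APP_ORIGIN or origin.startswith(APP_ORIGIN + "/")


def add_forwarding_rule(session, request):
    """Handle 'add forwarding rule'. Returns (status, message).

    The rule is stored only when all three CSRF defences pass; a forged request
    that merely rides on the victim's cookies fails at least one of them.
    """
    # 1. Never let a GET (an <img> or link fetched while viewing mail) change state.
    if request.method != "POST":
        return 405, "state-changing action must use POST"
    # 2. Reject requests initiated from another site.
    if not _is_first_party(request):
        return 403, "cross-site request rejected"
    # 3. Require the session-bound token; constant-time compare avoids timing leaks.
    token = request.form.get("csrf_token", "")
    if not hmac.compare_digest(token, session.csrf_token):
        return 403, "missing or invalid CSRF token"
    session.forwarding_rules.append(request.form["forward_to"])
    return 200, "rule added"


def demo():
    """Run constructed legitimate and forged requests; return the outcomes."""
    session = Session(user="alice")
    # A page loaded while reading an email: cross-site GET, no token.
    viewed_in_mail = Request("GET", {"Referer": "https://attacker.example/"},
                             {"forward_to": "drop@attacker.example"})
    # A form auto-submitted from an attacker page: cross-site POST, no token.
    auto_post = Request("POST", {"Origin": "https://attacker.example"},
                        {"forward_to": "drop@attacker.example"})
    # Same-origin POST that still lacks the token (e.g. stale page).
    no_token = Request("POST", {"Origin": APP_ORIGIN},
                       {"forward_to": "drop@attacker.example"})
    # The genuine form submitted by the user, carrying the session token.
    genuine = Request("POST", {"Origin": APP_ORIGIN},
                      {"csrf_token": session.csrf_token, "forward_to": "alice@example.com"})
    results = [add_forwarding_rule(session, r)[0]
               for r in (viewed_in_mail, auto_post, no_token, genuine)]
    return results, list(session.forwarding_rules)


if __name__ == "__main__":
    print(demo())
```

The three checks are deliberately independent: browsers only began sending `Origin` on all cross-site POSTs relatively recently, and `Referer` can be suppressed, so the session-bound token remains the check that must never be skipped, with the method and origin checks as cheap defence in depth. Detection follows the same shape: a forwarding rule created by a request whose `Referer` or `Origin` is foreign, or that arrives as a GET, is worth an alert even on a patched system.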

Novell has confirmed that the following versions of GroupWise are affected by both vulnerabilities: GroupWise 6.5x; GroupWise 7.0, 7.01, 7.02x, 7.03x; and GroupWise 8.0 (shipping 8.0 release only).

Adrian Pastor, a member of the ProCheckUp penetration testing team, said: "Essentially, the identified flaw allows the attacker to install a persistent backdoor which forwards received emails to the attacker. In short, this is a practical corporate email theft attack."

ProCheckUp also detected a persistent cross-site scripting (XSS) vulnerability. By inserting a specially crafted JavaScript payload via an HTML email attachment, it claimed, it is possible to run malicious code in the victim's WebAccess session and steal confidential corporate data.

This article originally appeared on SC Magazine.