Totemomail · Totemomail Encryption Gateway · CVE-2018-6563
**Name of the Vulnerable Software and Affected Versions**
totemomail Encryption Gateway versions prior to 6.0.0 Build 371
**Description**
The issue allows remote attackers to hijack user authentication for various requests, including changing user settings, sending emails, or modifying contact information, by exploiting the lack of an anti-CSRF token.
**Recommendations**
For versions prior to 6.0.0 Build 371, update to version 6.0.0 Build 371 or later to resolve the issue.