PT-2018-17637 · Totemomail · Totemomail Encryption Gateway

Nicolas Heiniger · Published 2018-06-20 · Updated 2018-10-09 · CVE-2018-6563

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: totemomail Encryption Gateway versions prior to 6.0.0 Build 371

Description: The issue allows remote attackers to hijack user authentication for various requests, including changing user settings, sending emails, or modifying contact information, by exploiting the lack of an anti-CSRF token.

Recommendations: For versions prior to 6.0.0 Build 371, update to version 6.0.0 Build 371 or later to resolve the issue.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2018-6563

Affected Products

Totemomail Encryption Gateway