CVE-2021-27181

Name of the Vulnerable Software and Affected Versions: MDaemon versions prior to 20.0.4

Description: An issue was discovered in the Remote Administration of MDaemon, allowing an attacker to perform a fixation of the anti-CSRF token. To exploit this issue, the user must click on a malicious URL provided by the attacker and successfully authenticate into the application. With the value of the anti-CSRF token, the attacker may trick the user into visiting a malicious page and performing any request with the privileges of the attacked user.

Recommendations: For versions prior to 20.0.4, update to version 20.0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the Remote Administration feature until a patch is applied. Avoid clicking on suspicious URLs, especially those requesting authentication, to minimize the risk of exploitation.