MailDepot 2032 SP2 Session Expiration – CXSecurity.com

Vulnerability ID: 2175224
Vulnerability type:
Published: 2020-09-30
Updated: 2020-09-30
CVE: CVE-2019-19199
CNNVD-ID: N/A
Platform: N/A
CVSS score: N/A
Source: https://cxsecurity.com/issue/WLB-2020090144
Vulnerability details:
Details have not yet been disclosed.
Exploit (EXP):
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Advisory ID:               SYSS-2019-049
Product:                   MailDepot
Manufacturer:              REDDOXX GmbH
Affected Version(s):       2032 SP2 (2.2.1242)
Tested Version(s):         2032 SP2 (2.2.1242)
Vulnerability Type:        Insufficient Session Expiration (CWE-613)
Risk Level:                Low
Solution Status:           Fixed
Manufacturer Notification: 2019-11-19
Solution Date:             2020-06-09
Public Disclosure:         2020-09-29
CVE Reference:             CVE-2019-19199
Authors of Advisory:       Micha Borrmann (SySS GmbH)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Overview:
REDDOXX MailDepot is an e-mail archiving solution with many features
and an optional web browser user interface.
The manufacturer describes the product as follows (see [1]):
"The email archiving solution works independently from the type of mail
server, supports any type of storage and can therefore be easily
integrated into any existing infrastructure."
Due to the improper server-side invalidation of authentication tokens
when using the logout function, authentication tokens can still be
used.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vulnerability Details:
After using the logout function, the assigned authentication token for
the REST web service can still be used for many hours, because it
is only invalidated on the client, but not on the server side.
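The defect described above, as an added illustration that is not REDDOXX's or SySS's code: a minimal token-authenticated REST backend in Python, once in the vulnerable shape (logout only makes the client forget the token, the server keeps the session until its lifetime runs out) and once in the fixed shape (logout deletes the server-side session). The service, the eight-hour token lifetime, the user name and the hashed token store are assumptions for the example; the check at the end reports whether a token is still accepted a given time after logout.

```python
"""Server-side session invalidation on logout (added example; assumed design,
not REDDOXX MailDepot code). Models CWE-613: a token that is only dropped on
the client stays valid on the server until its lifetime expires."""
import hashlib
import secrets
import time
from dataclasses import dataclass, field

TOKEN_LIFETIME_SECONDS = 8 * 3600  # assumed lifetime; the advisory says "many hours"


@dataclass
class Session:
    user: str
    expires_at: float


@dataclass
class RestService:
    """Stand-in for a token-authenticated REST backend (hypothetical)."""
    revoke_on_logout: bool                  # False reproduces the vulnerable behaviour
    _sessions: dict = field(default_factory=dict)

    @staticmethod
    def _key(token: str) -> str:
        # Store only a hash of the bearer token so a leaked session table
        # does not hand out live credentials.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user: str, now: float) -> str:
        token = secrets.token_urlsafe(32)
        self._sessions[self._key(token)] = Session(user, now + TOKEN_LIFETIME_SECONDS)
        return token

    def logout(self, token: str) -> None:
        # Vulnerable variant: nothing happens here; only the client forgets the token.
        if self.revoke_on_logout:
            self._sessions.pop(self._key(token), None)

    def is_authenticated(self, token: str, now: float) -> bool:
        session = self._sessions.get(self._key(token))
        if session is None:
            return False
        if now >= session.expires_at:
            del self._sessions[self._key(token)]  # lazy expiry of stale sessions
            return False
        return True


def token_survives_logout(revoke_on_logout: bool, delay: float = 3600.0) -> bool:
    """True if a token is still accepted `delay` seconds after the user logged out."""
    service = RestService(revoke_on_logout=revoke_on_logout)
    t0 = time.time()
    token = service.login("alice", t0)          # constructed sample user
    assert service.is_authenticated(token, t0)  # token works before logout
    service.logout(token)
    return service.is_authenticated(token, t0 + delay)


if __name__ == "__main__":
    print("vulnerable service still accepts token after logout:", token_survives_logout(False))
    print("fixed service still accepts token after logout:", token_survives_logout(True))
```

The `now` parameter is passed in rather than read from the clock so the lifetime check is deterministic; with `revoke_on_logout=False` the token is only refused once `TOKEN_LIFETIME_SECONDS` has elapsed, which is exactly the window the advisory describes.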
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Proof of Concept (PoC):
Storing and reusing the assigned authentication ID can easily be
demonstrated with a modifying web proxy.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution:
Install the provided security update.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Disclosure Timeline:
2019-11-18: Detection of the vulnerability
2019-11-19: Vulnerability reported to manufacturer
2019-11-20: Manufacturer confirms vulnerability
2019-11-21: CVE number assigned
2020-06-09: Update was released from the vendor [2]
2020-09-29: Public release of the security advisory
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
References:
[1] REDDOXX MailDepot Product Website
https://www.reddoxx.com/en/products/archiving/
[2] REDDOXX Release Information
https://www.reddoxx.com/reddoxx-appliance-2033-verfuegbar/
[3] SySS Security Advisory SYSS-2019-049
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-049.txt
[4] SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Credits:
This security vulnerability was found by Micha Borrmann of SySS GmbH.
E-Mail: micha.borrmann (at) syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Micha_Borrmann.asc
Key Fingerprint: 38BD 7A9C 3EA9 39C5 33F9  94D0 CFC2 D5B0 8EE0 CBB9
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Disclaimer:
The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory
may be updated in order to provide as accurate information as
possible. The latest version of this security advisory is available on
the SySS website.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Copyright:
Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEOL16nD6pOcUz+ZTQz8LVsI7gy7kFAl9y7R8ACgkQz8LVsI7g
y7msaw/+IQdUT+LQWLfFcMAacz6WeLAhwqeaZytwhu8map8msHIncMpxWPddU78K
8lcgR5zIF2bKmj6PXC8vYnwpYiiY83wCrIRoVN/SGB2dXTulv1CK6uuIAH/mHcZ9
hYG1vBxJFkC0hm0Un89GTFC0v+dnlgFW7xAPd7q1uaAY07hLYUhGHijF5snCO9V6
FdXF1FlZJJNyoClk3qztolldwyQ5+pOZgupCe33/CN5qzCc7wH2VNTJEcGDT96Du
fSFcVCcl1w/Mrs+8JeShr6aH/G1v3UVAe8+2xgDhzic5kxzpKjeWA1IdYvG7Q2nn
Bf3d8zO+WYxCGrkdx5XJaJ4xKrM/r2Cz/5ipazYIdBLrrzYnXgdvQFJckKF+LZCy
F1WTutrmbTG8kOpOq6qBf28lpJd8VKtilqTDuPs1VnOYU08Y1rYCMcsGjJVCQ7W5
mqH6bDuXBF9jzeeUq+H8G458bmINnKut9jEHgSMMA69iaIqjs9wzhmMg9imN4SyB
zA8v/3lpz2bmTm/hZbo41gwGMETurwKsMK9StkY78TzbrbICYyTU6hsFFLalL76u
GC13rF2Xs6T/I1CIeUfjjw3TpdKswhAy3o5d4VGck0Ye4eSROg2H8ksj+uR6O4TJ
Lw+CvXJoM+g9ykqZbwkkV4vcPHUa/Ti7cbrmhNQUNZE13w/G8Zc=
=RcMS
-----END PGP SIGNATURE-----