Security for everyone

CVE-2021-26294 Scanner

Detects an 'Information Disclosure' vulnerability in AfterLogic Aurora and WebMail Pro, affecting versions < 7.7.9.


Short Info

Level: High
Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Domain, IPv4

Parent Category

CVE-2021-26294 Scanner Detail

AfterLogic Aurora and WebMail Pro are comprehensive email and collaboration platforms, designed for both personal and professional use. They offer a wide range of features including email, calendars, contacts, tasks, and file storage. These products are widely adopted by businesses, educational institutions, and individual users for their versatility and ease of integration with existing IT infrastructures. The software is known for its user-friendly interface and robust functionality, making it a popular choice for those seeking efficient communication and organization tools.

The vulnerability is exploited through the WebDAV endpoint, using the built-in “caldav_public_user@localhost” username and its predefined password. The attack involves crafting a request whose path navigates beyond the intended web root directory to access and read files, such as the settings.xml file, which contains critical system settings including administrative credentials and database host information. The vulnerability is a direct result of improper validation of user-supplied input in the file path.

Exploitation of this vulnerability can lead to a range of adverse effects, including unauthorized access to admin accounts, database theft, and exposure of sensitive information. Attackers can leverage the disclosed information to perform further attacks, such as data breaches and account takeover, and potentially gain full control over the affected systems. This underscores the criticality of securing web applications against information disclosure vulnerabilities.
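For asset owners reviewing their own logs, the traversal described above can be triaged with a short script. This is an added example, not code from the scanner or from AfterLogic. It assumes a combined-log-style access log whose user field records the Basic-auth user name. The "/dav-endpoint" path, the addresses, and the log lines are constructed placeholders.

```python
import re
from urllib.parse import unquote

BUILTIN_USER = "caldav_public_user@localhost"  # account named in the text above

# Assumed log layout (combined-log style): host ident user [time] "request" status size
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines; "/dav-endpoint" is a placeholder path, not the product's.
SAMPLE_LOG = [
    '203.0.113.7 - caldav_public_user@localhost [10/Mar/2021:10:01:02 +0000] '
    '"GET /dav-endpoint/files/%2e%2e/%2e%2e/settings.xml HTTP/1.1" 200 4312',
    '203.0.113.7 - caldav_public_user@localhost [10/Mar/2021:10:01:05 +0000] '
    '"GET /dav-endpoint/files/%252e%252e/%252e%252e/settings.xml HTTP/1.1" 404 0',
    '198.51.100.4 - alice@example.com [10/Mar/2021:10:02:11 +0000] '
    '"PROPFIND /dav-endpoint/calendars/alice/ HTTP/1.1" 207 981',
    '198.51.100.9 - caldav_public_user@localhost [10/Mar/2021:10:03:40 +0000] '
    '"GET /dav-endpoint/calendars/public/team.ics HTTP/1.1" 200 2210',
]

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded dots (%252e) are also caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def triage(line):
    """Return a finding dict for a suspicious request, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    path = decode_fully(m["target"].split("?", 1)[0]).replace("\\", "/")
    reasons = []
    if ".." in path.split("/"):
        reasons.append("dot-dot segment")
    if path.lower().endswith("/settings.xml"):
        reasons.append("settings.xml requested")
    if not reasons:
        return None  # normal use of the built-in account is not flagged by itself
    return {"host": m["host"], "builtin_user": m["user"] == BUILTIN_USER,
            "served": m["status"].startswith("2"), "reasons": reasons}

def scan(lines):
    """Triage every line and keep only the findings."""
    return [f for f in map(triage, lines) if f]
```

A finding with "served" set to true means the server answered with a 2xx status, so the requested file should be treated as disclosed and any credentials stored in it rotated.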

By becoming a member of the securityforeveryone platform, users gain access to comprehensive security scanning capabilities that can detect vulnerabilities like the one found in AfterLogic Aurora and WebMail Pro. Our platform employs state-of-the-art technology to identify and report security weaknesses, helping users to stay ahead of potential threats. Membership offers not just diagnostic insights but also guidance on best practices and remediation strategies to enhance digital asset security.

 
