loader gif

Researchers find critical flaws in SecurEnvoy SecurMail, patch now!

Researchers find critical flaws in SecurEnvoy SecurMail, patch now! (Malware and Vulnerabilities)

The warning comes from SEC Consult researchers, who discovered a number of vulnerabilities in the product that break its core security promises. The vulnerabilities They found seven CVE-assigned flaws, including path traversal and insecure direct object reference vulnerabilities that could allow a legitimate recipient to read emails sent to other recipients in plain text, and a missing authentication and authorization flaw that could allow an attacker to extract or modify emails stored on the server or overwrite or delete e-mails stored in other users’ inboxes. “The software package features multiple different components (e.g., 2 factor/token auth) where we only took a look at the ‘SecurMail’ application,” Johannes Greil, the Head of SEC Consult Vulnerability Lab, told Help Net Security.

loader gif