Unpatched bug in RainLoop Webmail could give hackers access to all emails


A high-severity, unpatched security vulnerability in RainLoop’s open-source web-based email client has been revealed. This flaw could allow for siphoning emails out of victims’ inboxes.

“The code vulnerability […] can be easily exploited by an attacker by sending a malicious email to a victim that uses RainLoop as a mail client,” SonarSource security researcher Simon Scannell said in a report published this week.

“When the email is viewed by the victim, the attacker gains full control over the session of the victim and can steal any of their emails, including those that contain highly sensitive information such as passwords, documents, and password reset links.”

Tracked as CVE-2022-29360, the flaw relates to a stored cross-site-scripting (XSS) vulnerability impacting the latest version of RainLoop (v1.16.0) that was released on May 7, 2021.

Stored XSS flaws, also known as persistent XSS, occur when malicious code is injected directly into the target application’s web server via user input. The injected data is then stored and later served to other users.

Impacting all RainLoop installations running under default configurations, attack chains leveraging the flaw could take the form of a specially crafted email sent to potential victims that, when viewed, executes a malicious JavaScript payload in the browser without requiring any user interaction.

SonarSource, in its disclosure timeline, said that it notified the maintainers of RainLoop of the bug on November 30, 2021, and that the software maker has failed to issue a fix for more than four months.

An issue raised on GitHub by the Swiss code quality and security company on December 6, 2021, remains open to date. We have reached out to RainLoop for comment, and we will update the story if we hear back.

In the absence of patches, SonarSource is recommending that users migrate to a RainLoop fork called SnappyMail, which is actively maintained and unaffected by the security issue.

David
Hackarizona