Email spoofing
Description
The sendEmail endpoint accepts calls without any authentication, so anyone can send emails on behalf of the bank with arbitrary content.
Impact
An attacker can use the sendEmail endpoint to send emails from a business address, impersonating users and enabling phishing attacks.
Recommendation
Configure the sendEmail endpoint to disallow anonymous connections.
Threat
An anonymous Internet attacker can send mail using the sendEmail endpoint.
Expected Remediation Time
⌚ 120 minutes.
Score
Default score using CVSS 3.1. It may change depending on the context of the vulnerability.
Base
- Attack vector: N
- Attack complexity: L
- Privileges required: N
- User interaction: N
- Scope: U
- Confidentiality: L
- Integrity: L
- Availability: N
Temporal
- Exploit code maturity: X
- Remediation level: W
- Report confidence: X
Result
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:X/RL:W/RC:X
- Score:
  - Base: 6.5
  - Temporal: 6.4
- Severity:
  - Base: Medium
  - Temporal: Medium
Code Examples
Compliant code
The endpoint of the email delivery does not allow anonymous connections
email_delivery:
  host: "myhost"
  port: 5400
  email_over_ssl: true
  authentication: admin
  allow_anonymous-connection: false
  user_name: "appadmin"
  password: "encrypted_password"
Non-compliant code
The endpoint of the email delivery allows anonymous connections
email_delivery:
  host: "myhost"
  port: 5400
  email_over_ssl: true
  authentication: :plain
  allow_anonymous-connection: true
  user_name: "appadmin"
  password: "*"
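The recommendation above, as an added example that is not code from the original page: a sendEmail handler that rejects anonymous callers and pins the From address to the authenticated account, plus a check that flags the weak delivery setting shown in the non-compliant configuration. The token store, header names and the transport callback are assumptions.

```python
import hashlib
import hmac

# Constructed sample token store (assumption): sha256(token) -> account.
# A real deployment would query its session or identity store instead.
VALID_TOKENS = {
    hashlib.sha256(b"token-for-alice").hexdigest(): "alice@bank.example",
}

DELIVERED = []  # records deliveries so the outcome can be inspected


def record_delivery(from_addr, to, subject, text):
    """Stand-in transport (assumption) that records instead of sending."""
    DELIVERED.append((from_addr, to, subject, text))


def authenticate(headers):
    """Return the account behind a bearer token, or None for anonymous callers."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    digest = hashlib.sha256(auth[len("Bearer "):].encode()).hexdigest()
    for known, account in VALID_TOKENS.items():
        if hmac.compare_digest(known, digest):  # constant-time comparison
            return account
    return None


def send_email(headers, body, transport):
    """Hardened sendEmail: no anonymous calls, From fixed to the caller.

    Returns (status_code, message); transport(from, to, subject, text) delivers."""
    account = authenticate(headers)
    if account is None:
        return 401, "authentication required"
    # Never honour an arbitrary From: the sender is the authenticated account.
    if body.get("from") not in (None, account):
        return 403, "from address must match authenticated account"
    for field in ("to", "subject", "text"):
        if field not in body:
            return 400, "missing field: " + field
    transport(account, body["to"], body["subject"], body["text"])
    return 202, "accepted"


def anonymous_delivery_allowed(email_delivery):
    """Flag the non-compliant setting: anonymous connections or no credentials."""
    return bool(email_delivery.get("allow_anonymous-connection")) or \
        not email_delivery.get("user_name")
```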