Horde webmail inboxes can be hacked with just one click

Horde is a free, enterprise-ready, browser-based communications suite. It is mainly used by universities and libraries, and many web hosting providers use it as their default email client.

Security researcher Numan Ozdemir has discovered some weaknesses in open source webmail software, which allows hackers to delete and download user mailboxes.

The attacker should send an email and trick the victim into clicking a malicious link to access all of the account’s content. Security researchers typically wait three months after finding an issue to make it public, giving organizations time to correct the breach.

On this occasion, Horde has yet to make any statement regarding the issue. The National Institute of Standards and Technology said the breaches pose a “high” security risk to users.

Ozdemir says that with the latest version of the Horde Webmail update some of the vulnerabilities have been fixed, but not all.

Horde has still not publicly declared whether any issues have been resolved or if users of older versions are still at risk. Ozdemir’s bug report filed with the Horde remains open.

Subscribe to our website and stay in touch with the latest technology news.

Click to comment

Leave a Reply

Your email address will not be published.