Status: Closed
Assigned To: cbay
Private
Opened by exploitbro - 22.03.2025
Last edited by cbay - 24.03.2025
FS#142 - Critical Security Vulnerability: Direct Access to Webmail Portal, Leaked Credentials, and Lack of 2FA
SUMMARY:
As a cybersecurity and darknet researcher, I have discovered a critical security vulnerability in the webmail.alwaysdata platform. The site lacks Two-Factor Authentication (2FA), meaning that if an attacker obtains a user's password, they can gain access without any additional security verification. During my investigation, I also discovered 100 sets of credentials on the dark web, further underscoring the ease with which attackers can exploit this vulnerability. An attacker can use these leaked credentials to log into the webmail portal without any further checks, exposing sensitive internal data such as customer support tickets, billing information, and inventory details, and potentially leading to the defacement of user accounts and unauthorized modifications to administrative settings.
AFFECTED SYSTEM:
Webmail Data Portal (webmail.alwaysdata)
IMPACT LEVEL:
CRITICAL
ATTACK VECTOR:
The absence of 2FA allows attackers to log in using stolen credentials without any additional verification. Once inside, they can manipulate administrative settings and access sensitive information, including user-created support tickets and billing details. The ease of unauthorized access significantly heightens the risk of data exfiltration and system manipulation.
STEPS TO REPRODUCE:
Use leaked credentials
https://webmail.alwaysdata.com:younes@alwaysdata.net:MOLImoli1 https://webmail.alwaysdata.com/:tayssir@alwaysdata.net:Fvdptr87 https://webmail.alwaysdata.com:eliu@tijuana.ml:2Tekilas
(one of the 100 sets discovered on the dark web) to access the webmail portal.
Observe that no 2FA is required, granting immediate and unrestricted administrative access.
IMPACT ANALYSIS:
Confidentiality Impact:
- Unauthorized access to sensitive internal data, including customer support tickets, billing information, and inventory details.
- Exposure of sensitive contractual agreements and cloud infrastructure details.
- Potential for exfiltration of confidential business information, leading to financial and reputational harm.
Integrity Impact:
- Unauthorized modifications to administrative settings, disrupting normal business operations.
- Manipulation of support ticket data, resulting in miscommunication and incorrect troubleshooting.
Availability Impact:
- Alteration or deletion of inventory records.
- Data loss and operational downtime, causing prolonged recovery efforts and increased costs.
RECOMMENDATIONS:
- Immediate Mitigation: Revoke compromised credentials and enforce a company-wide password reset. Restrict access to the webmail portal to authorized personnel only.
- Implement Mandatory 2FA: Enforce Two-Factor Authentication for all accounts, with priority given to administrative access.
- Access Control: Apply the principle of least privilege and implement role-based access controls.
- Device Security: Restrict unauthorized device registrations and enforce strict device security policies.
Hello,
The webmail is basically an IMAP/SMTP client, and 2FA is unsupported on IMAP/SMTP anyway. Besides, not having 2FA is not a qualifying vulnerability.
That's not a vulnerability on our side.
Kind regards,
Cyril