RoundCube Web-Mail Email Vulnerability: Exposed!

Are you a webmaster, having a domain and website running, or do you plan to create new websites, with e-mail features and such in near f...


Are you a webmaster, having a domain and website running, or do you plan to create new websites, with e-mail features and such in near future? Well, this article is for you, then. The following piece of article concentrates on a web-based email client's vulnerability. The email client is none other that RoundCube- one of the most popular email clients webmasters use today. Did you know that RoundCube's vulnerability reveals sensitive, confidential and important data about the domain, highly risking it's security? Read on to get a better grasp of what I am trying to say. 

The following short technique I am going to expose gains a hacker access to a site's Webmail log-in page, which is usually almost impossible to stumble upon. Moreover, the RoundCube application's login page is stored externally on the FTP server- and it contains the port number which the site is using for sending e-mails. Port numbers are crucial in black hat hacking. Most sites provide a e-mail address to contact them, which is specified in their site. And once the hacker knows the domain owner uses RoundCube, it makes the task 50 percent easier for him to complete. 

There are 2 steps to do it. One, hackers e-mail random sites that mention a contact address with a Lorem Ipsum (or any other text) and link a Blogger-powered blog at the signature. There is a high probability that the site owner will check the email and open the link. Those who use RoundCube leave a highly valuable information to the site it opens. About a week after emailing websites, the hacker opens his Blogger blog, goes to Stats > Traffic sources (in the Blogger Dashboard) and checks the links. Since it's the RoundCube users who opened his link, Blogger displays the data from where traffic is coming in this format: 

http://www.domain.com:(Port number)/3rdparty/roundcube 
Now the hacker has access to the site's log-in page. The hacker now fills in the Username with the email address provided by the site and then brute-forces the password. If a domain owner uses weak password, chances are his email will get hacked. 

For the not-so-experienced hackers and those who don't want to wait so long, there is another way. The lazy hackers Google for data. What? Yes! Google indexes a number of WebMail login pages in their index which can be retrieved by searching Google with the following code: 

inurl:3rdparty/roundcube 
Google will now begin to show up all those unlucky WebMail pages whose owners forgot to place a No-index code in their HTML pages. A hacker will click the link, visit the main index page (Home page) and hunt for the e-mail. As I stated, most sites specify their email address. The hacker copies the email and follows the last step which the Experienced hackers also follow- Brute force. This is the last step for hacking the e-mail. 

This was how hackers hack email of domains which uses RoundCube WebMail. Don't use RoundCube- take my advice. If you already did, delete and ban RoundCube files in your server. I hope people won't commit this mistake that hundreds of thousand other people are doing. Stay safe, stay alert. 

You Might Also Like

1 comments