CVE-2020-25848: HGiga MailSherlock - Broken Authentication
First published: Thu Dec 31 2020(Updated: )
HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism.
Credit: twcert@cert.org.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hgiga Msr45 Isherlock-antispam | <4.5-130 | |
| Hgiga Msr45 Isherlock-audit | <4.5-143 | |
| Hgiga Msr45 Isherlock-base | <4.5-243 | |
| Hgiga Msr45 Isherlock-user | <4.5-114 | |
| Hgiga Msr45 Isherlock-useradmin | <4.5-122 | |
| Hgiga Ssr45 Isherlock-antispam | <4.5-130 | |
| Hgiga Ssr45 Isherlock-audit | <4.5-143 | |
| Hgiga Ssr45 Isherlock-base | <4.5-243 | |
| Hgiga Ssr45 Isherlock-user | <4.5-114 | |
| Hgiga Ssr45 Isherlock-useradmin | <4.5-112 |
Remedy
Update MailSherlock MSR45/SSR45 Module to: iSherlock-base-4.5-243.i386.rpm iSherlock-user-4.5-114.i386.rpm iSherlock-useradmin-4.5-122.i386.rpm iSherlock-audit-4.5-143.i386.rpm iSherlock-antispam-4.5-130.i386.rpm
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-25848?
CVE-2020-25848 is a vulnerability found in HGiga MailSherlock that allows attackers to grant privilege remotely with a weak authentication mechanism.
How severe is CVE-2020-25848?
CVE-2020-25848 has a severity score of 9.8, which is classified as critical.
Which software versions are affected by CVE-2020-25848?
CVE-2020-25848 affects the following versions of HGiga MailSherlock: Msr45 Isherlock-antispam (up to version 4.5-130), Msr45 Isherlock-audit (up to version 4.5-143), Msr45 Isherlock-base (up to version 4.5-243), Msr45 Isherlock-user (up to version 4.5-114), Msr45 Isherlock-useradmin (up to version 4.5-122), Ssr45 Isherlock-antispam (up to version 4.5-130), Ssr45 Isherlock-audit (up to version 4.5-143), Ssr45 Isherlock-base (up to version 4.5-243), Ssr45 Isherlock-user (up to version 4.5-114), and Ssr45 Isherlock-useradmin (up to version 4.5-112).
How can I fix CVE-2020-25848?
To fix CVE-2020-25848, it is recommended to update HGiga MailSherlock to a version that includes a fix for this vulnerability.
Where can I find more information about CVE-2020-25848?
For more information about CVE-2020-25848, you can refer to the official advisory on TWNCERT's website: https://www.twcert.org.tw/tw/cp-132-4256-cfc5a-1.html
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/references
- agent/remedy
- agent/weakness
- agent/author
- agent/severity
- agent/title
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/hgiga
- canonical/hgiga msr45 isherlock-antispam
- canonical/hgiga msr45 isherlock-audit
- canonical/hgiga msr45 isherlock-base
- canonical/hgiga msr45 isherlock-user
- canonical/hgiga msr45 isherlock-useradmin
- canonical/hgiga ssr45 isherlock-antispam
- canonical/hgiga ssr45 isherlock-audit
- canonical/hgiga ssr45 isherlock-base
- canonical/hgiga ssr45 isherlock-user
- canonical/hgiga ssr45 isherlock-useradmin