SMTP misconfiguration leading to "Forgot Password" exploit that leaks registered user email.

2023-12-1313:26:34

Google

osv.dev

smtp

misconfiguration

exploit

vulnerability

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

Impact

A user enumeration attack is possible when SMTP is not setup correctly, but reset password is enabled

Explanation of the vulnerability

Two different error messages was shown, based on if the user exists or not when using the forgot password functionality, when the SMTP was configured but do not response.

CPENameOperatorVersion
umbraco.cmseq9.5.0-rc
umbraco.cmseq10.5.0-rc
umbraco.cmseq10.0.1
umbraco.cmseq10.2.0
umbraco.cmseq11.3.1
umbraco.cmseq12.2.0
umbraco.cmseq10.8.0
umbraco.cmseq10.7.0
umbraco.cmseq11.4.1
umbraco.cmseq10.6.0

Name	Operator	Version
umbraco.cms	eq	9.5.0-rc
umbraco.cms	eq	10.5.0-rc
umbraco.cms	eq	10.0.1
umbraco.cms	eq	10.2.0
umbraco.cms	eq	11.3.1
umbraco.cms	eq	12.2.0
umbraco.cms	eq	10.8.0
umbraco.cms	eq	10.7.0
umbraco.cms	eq	11.4.1
umbraco.cms	eq	10.6.0