Medium Vulnerability Description:
WORKTERRA provides an interface for sending emails to administrators and WORKTERRA's customer support system. The backend does not rate-limit or validate the destination of these emails.
Impact:
A malicious user could use WORKTERRA servers as a spam delivery platform.
Verification and Attack Information:
Praetorian verified this finding by intercepting requests to the endpoint responsible for sending emails. A malicious user can modify the destination email address to any email address. Additionally, there are no controls in place to the number of emails sent within a given time frame. This finding was demonstrated by sending 50 emails to a test email account. The figure below shows that the emails are originating from WORKTERRA IP addresses.
Recommendation:
Validate the email's destination address on the server-side. Additionally, WORKTERRA should limit the number of emails that a user can send per-minute.
- relates to
-
ST-211 Restrict domain user for emails
-
- Closed
-
Testing done on Stage for SA login and candidate log in functionality working properly. Employee log in Write to your Benefits Administrator /HR and Feedback about Benefits Enrollment System functionality also working fine.
Ready for Production.
Tested on Production with SA login server error is being displayed on click of send button.
Please refer attached screen shot.
Reopening the ticket
Hi Venkatesh Pujari,
This issue has been fixed on Production. It was due to configuration issue. Patch has been deployed on Production. You can verify this and close this ticket.
Thanks.
Testing in progress
Hi Venkatesh Pujari
I have checked it on CSS for HSPL company employee and it is working correctly.
Please verify again.