SmarterTools SmarterMail Cryptographic Weakness in File and Email Sharing Endpoints

Vulnerability

A cryptographic vulnerability exists in SmarterTools SmarterMail builds prior to 9610. The file and email sharing endpoints use DES-CBC encryption, and the encryption keys and initialization vectors are derived from System.Random seeded with inadequate entropy, which limits the seed space to approximately 19,000 possible values. An unauthenticated attacker can use the attachment download endpoint as an oracle to recover the current seed, and from it the encryption key and initialization vector. With those in hand, sharing tokens can be forged for any email, attachment, or file storage content without prior access to the targeted material.
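The following is an added example, not SmarterMail code, that makes the two halves of this finding concrete: first, a key and IV that are a pure function of a seed drawn from roughly 19,000 values carry only about 14 bits of security regardless of the cipher's nominal key size (the weak pattern is modelled with Python's random.Random standing in for System.Random; the seed-space figure is the one stated in the advisory); second, a hardened sharing-token scheme built on a 256-bit server secret and an HMAC tag, where there is no seed to recover and nothing for a download endpoint to leak. The resource identifiers, expiry values and the server key are constructed for the example and are not SmarterMail's.

```python
"""Added example (not SmarterMail code): why deriving a DES key/IV from a
small-seed PRNG is weak, and what a keyed-MAC sharing token looks like."""
import hashlib
import hmac
import math
import random
import secrets
from typing import Optional, Tuple

SEED_SPACE = 19_000  # approximate seed space stated in the advisory


def effective_key_bits(seed_space: int) -> float:
    """Bits of security for a key fully determined by a seed from seed_space.
    For 19,000 seeds this is ~14.2 bits, far below DES's nominal 56 bits."""
    return math.log2(seed_space)


def weak_key_iv(seed: int) -> Tuple[bytes, bytes]:
    """Models the weak pattern: key and IV both derived from one small seed.
    random.Random stands in for System.Random; the point holds for any PRNG:
    the (key, iv) pair is a function of the seed alone."""
    rng = random.Random(seed)
    key = rng.getrandbits(64).to_bytes(8, "big")  # DES key size (8 bytes)
    iv = rng.getrandbits(64).to_bytes(8, "big")   # DES block size (8 bytes)
    return key, iv


def distinct_pairs(seed_space: int) -> int:
    """Number of distinct (key, iv) pairs the weak scheme can ever produce:
    bounded by the seed space, not by the cipher's key length."""
    return len({weak_key_iv(s) for s in range(seed_space)})


# Hardened pattern: a 256-bit secret from the OS CSPRNG (constructed here;
# in a real deployment it is loaded from a secret store, never derived
# from a seed), used to MAC the token payload.
SERVER_KEY = secrets.token_bytes(32)


def issue_share_token(resource_id: str, expires_at: int,
                      key: bytes = SERVER_KEY) -> str:
    """Token = hex(payload) '.' hex(HMAC-SHA256(key, payload)).
    Forging a token for a different resource requires the server key."""
    payload = f"{resource_id}|{expires_at}".encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return payload.hex() + "." + tag.hex()


def verify_share_token(token: str, now: int,
                       key: bytes = SERVER_KEY) -> Optional[str]:
    """Return the resource id if the tag is valid and the token is unexpired,
    otherwise None. Malformed tokens are rejected before any crypto runs."""
    try:
        payload_hex, tag_hex = token.split(".")
        payload = bytes.fromhex(payload_hex)
        tag = bytes.fromhex(tag_hex)
    except ValueError:
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    resource_id, expires_at = payload.decode().rsplit("|", 1)
    if now > int(expires_at):
        return None
    return resource_id


if __name__ == "__main__":
    print(f"effective security of the weak scheme: "
          f"{effective_key_bits(SEED_SPACE):.1f} bits")
    print(f"distinct (key, iv) pairs possible: {distinct_pairs(SEED_SPACE)}")
    tok = issue_share_token("mail/42/attachment/1", expires_at=1_000)
    print("valid:", verify_share_token(tok, now=999))
    print("expired:", verify_share_token(tok, now=1_001))
```

The contrast a reviewer should take from this: in the weak scheme the cipher and key length are irrelevant, because every key the system can produce is enumerable from the seed space; in the hardened scheme the token's strength rests on a secret that was never derived from anything observable, and verification never decrypts attacker-controlled data.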

Impact

Exploitation of this vulnerability allows for the unauthorized forging of sharing tokens, potentially leading to unauthorized access to emails, attachments, or file storage contents.

Added: Apr 27, 2026, 3:28 PM
Updated: Apr 27, 2026, 3:28 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 2.5
exploitability: 7.6
remediation: 0.0
relevance: 6.8
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.