Hello, welcome to the Thursday, June 16th, 2020 edition of the Sandsenet Storms'

Stormcast. My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Quick post today on the Storm Center website by Dustin Lee, one of our sands.edu undergraduate interns, and it's actually just a quick

video presentation about how to set up a honeypot for the shield using various cloud

providers.

So if you thought about doing that, well, take a look at Dustin's presentation.

Thanks to Jason for pointing me to a vulnerability that Sonor source discovered in

Cimbra email.

Now, this is a little competitor to hoard email, which we, I think, covered a vulnerability

in last week.

It's one of those webmail sort of exchange like systems,

but open source. The problem here is that Cimbra uses a proxy engine X in order to direct

users to different bag ends and then to consistently forward particular users to particular bag ends, it maintains a Memcash

database that links user accounts to particular endpoints. Now, this is all good so far, but the

problem is that it's possible to inject records into the MAM cache database because they're not

correctly filtering carriage return line feeds. And with that, NetHacker can essentially inject

a particular record that would direct a specific user to a back end. That's actually not

a backend, but instead the attacker's server,

which will then receive all requests from the user, including username and password.

Pretty neat, a little vulnerability, certainly something that you need to address,

but also something that you, if you're not running SIMPRA, should just read the report to see what can go wrong with MemcashD here in particular.

And with thought, I owe the cloud security company that found a number of interesting vulnerabilities,

...