Hardcoded Secret Keys in SmarterTools SmarterMail 16.x Allows Unauthorized Access to Emails and File Attachments

Hardcoded Secret Keys in SmarterTools SmarterMail 16.x Allows Unauthorized Access to Emails and File Attachments

CVE-2019-7212 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:P/A:N

SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mailing lists.

Learn more about our User Device Pen Test.