Icewarp Exploit

[Glauco Schlembach]

TheExploit Database is maintained by OffSec, an information security training company that provides various Information Security Certifications as well as high end penetration testing services. The Exploit Database is a non-profit project that is provided as a public service by OffSec.

The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Our aim is to serve the most comprehensive collection of exploits gathered through direct submissions, mailing lists, as well as other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.

The Google Hacking Database (GHDB) is a categorized index of Internet search engine queries designed to uncover interesting, and usually sensitive, information made publicly available on the Internet. In most cases, this information was never meant to be made public but due to any number of factors this information was linked in a web document that was crawled by a search engine that subsequently followed that link and indexed the sensitive information.

After nearly a decade of hard work by the community, Johnny turned the GHDB over to OffSec in November 2010, and it is now maintained as an extension of the Exploit Database. Today, the GHDB includes searches for other online search engines such as Bing, and other online repositories like GitHub, producing different, yet equally valuable results.

Icewarp is one of the most common Webmail services used by companies, so it occupies a large part of the Internet. And this vulnerability covers versions below version 11.4.4.1 of Icewarp. In other words, tens of thousands of companies still have this vulnerability and it is highly likely to be exploited by hackers. As the statistics indicate, the vulnerability affected this number of customers.

Today, we all know that Icewarp has more than 50 million users around the world. According to the analysis I scanned and filtered with a few search engines such as Shodan(Censys, Zoomeye etc.) and Shodan, approximately 35-thousand servers are currently using the Icewarp service. Of course, if we try to add servers that we cannot reach in search engines, I am sure that this number will double.

LinkedIn and 3rd parties use essential and non-essential cookies to provide, secure, analyze and improve our Services, and to show you relevant ads (including professional and job ads) on and off LinkedIn. Learn more in our Cookie Policy.

Digitization is the future and everything, from the way we shop to communicate & collaborate has gone digital. With numerous benefits of Digitalization, it also has various risks. Hackers are exploiting the World Wide Web for data, identity, and financial theft. With the world moving towards remote work, in the post-COVID era, new threats have emerged. They have major implications when it comes to cyber security.

The shift to remote working led to unplanned migration to cloud and acquiring various IT products and services to be in sync with the changing landscape. A lot of organizations, opted for typical security measures, and others veered away from them completely, which led to risks and increased vulnerability across different industries.

In the era where new threats are evolving every day, organizations are adapting 2-Factor Authentication (2FA) as another layer of defense against malicious attacks and data breaches in 2021. While passwords are still considered a good practice for cyber security, evolving to multi-factor authentication is the future. 2FA ensures that more than one device is used to confirm the identity.

With a number of organizations moving to cloud services, latest trend of increased attack on cloud services is seen. Cloud-based services and processes are going to stay in the post-COVID era as well. They have benefits like efficiency, scalability, and being cost-effective, but they are also a prime target for hackers and attackers. As per pandasecurity, in 2020, misconfigured cloud settings led to data breaches worth 4.41 million USD.

With best-in-class anti-virus and anti-spam protection with various layers, IceWarp offers advanced security features. A distinctive amalgam of over 20 anti-spam technologies, including intrusion prevention and zero-hour protection to stop unwanted or malicious behaviour in real time.

Based on file extensions, potentially threatening email attachments can be prohibited from global database. Password protected files can be rejected with the help of a filter system. It can also stop executable hidden files with ZIP or RAR archives.

Zero-hour outbreak monitoring powered provides protection in real-time from the time of emergence of spam outbreak. Over 12 billion internet-based transactions from over 550 million endpoints are analysed through proactive IP reputation services.

An integrated security feature- WebRTC makes sure that voice & video encryption is always-on. SRTP (Secure RTP protocol) protects both video and voice. This is valuable for devices connected through Wifi.

Filters to prevent intrusion analyse all the incoming connections, which includes IP addresses, number of attempts, and level of security. Attackers are blocked instantly with cross-protocol and cross-section monitoring.

IceWarp is ISO27001 certified and GDPR Compliant. Our clients like IDFC Bank, NKGSB Bank, CMS Infosystems, and many more have experienced and acknowledged the enhanced cyber security services offered by IceWarp.

Additionally to our permanent bounties, we are looking, from time to time, to acquire other zero-day exploits that are not within our usual scope or for which we are temporarily increasing the payouts. In some cases, we may pay each bounty multiple times to acquire distinct exploits for the same software.

Acceptance of the Terms

You can accept the Terms by checking a checkbox or clicking on a button indicating your acceptance of the terms or by actually using the Services. You must be of legal age to enter into a binding agreement in order to accept the Terms. If you do not agree to the Terms, do not use any of our Services.

Annual Commitment

If given an option to prepay for the period of one year, the Service will be limited to maximum number of users for each Subscription plan for the entire duration of the one-year billing period. When upgrading the Service to a higher plan or when adding users during the year, the upgrade fees will be calculated till the end of the billing period.

Price Changes

From time to time, we may change the price of any Service or charge for use of Services that are currently available free of charge. We will communicate any price changes at least 90 days in advance and if the prices have changed significantly from the last applicable amounts, you may cancel the Service without further penalty to you. Your continued use of the Service after the effective date of the price changes will be deemed to be your agreement to the then-current price which will become applicable starting with the next billing period. We reserve the right to cancel any subscriptions and terminate your account prematurely and without compensation if the subscription price, taxes, charges, amount formats or currency is incorrect in our sole discretion, such as due to various errors within the billing system or in case the billing system has been temporarily circumvented by any person to provide a benefit of lower than intended and lawful prices.

Refund Policy

You can use the Service free of charge and evaluate it for a limited period. If the Service meets your exact needs and you wish to continue to use it, you may keep your Subscription active. If for some reason the Service does not meet your requirements, you are under no obligation to purchase and you can simply cancel your Subscription. When you cancel your Subscription, all your data will be wiped out, except for your registration details to avoid comeback to another Free Service. Once we have provided the Service to you, there is no physical product to return to us. Thus we cannot accept refunds for paid plans of the Services that have already been delivered for full or for part of the Subscription period. In case the Subscription is for 1 month and the 1st day of the billing cycle has already started, the monthly charge will not be refundable. In case the Subscription is for 1 year and the 1st month of the billing cycle has already started, the annual charge will not be refundable.

3a8082e126