CVE-2024-55196 in GoPhish

Summary

by MITRE • 12/19/2024

Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers.

Analysis

by VulDB Data Team • 06/15/2025

The vulnerability identified as CVE-2024-55196 represents a critical weakness in the GoPhish phishing toolkit version 0.12.1, specifically within its mail server configuration handling mechanisms. This issue falls under the category of insufficiently protected credentials, where sensitive authentication information is stored and transmitted without adequate security measures. The flaw enables unauthorized access to cleartext passwords used for IMAP and SMTP server connections, potentially compromising the entire phishing infrastructure and associated email accounts.

The technical implementation of this vulnerability stems from improper credential storage practices within the GoPhish application configuration files. When administrators configure email server settings for phishing campaigns, the system fails to adequately encrypt or obfuscate the password values, leaving them exposed in plain text format. This design flaw allows any attacker with access to the configuration files to directly extract authentication credentials without requiring additional exploitation techniques. The vulnerability specifically affects the mail server configuration components that manage both incoming and outgoing email server connections, creating potential attack vectors for credential theft and unauthorized email access.

The operational impact of this vulnerability extends beyond simple credential exposure, as it enables attackers to establish persistent access to legitimate email accounts used for phishing operations. An attacker who gains access to these cleartext credentials can impersonate legitimate users, send unauthorized emails, access sensitive information stored in email accounts, and potentially escalate privileges within the email infrastructure. This vulnerability directly impacts the security posture of organizations using GoPhish for security testing, as compromised credentials could be used to access real user accounts or conduct more sophisticated attacks. The exposure of IMAP and SMTP credentials creates opportunities for attackers to maintain long-term access to email systems and conduct extended phishing campaigns.

Organizations utilizing GoPhish v0.12.1 should immediately implement mitigations including upgrading to the latest version where the vulnerability has been addressed, implementing proper credential encryption mechanisms, and conducting thorough security reviews of all configuration files. The remediation process should involve replacing cleartext passwords with encrypted alternatives and ensuring that all credential storage practices follow established security standards. This vulnerability aligns with CWE-522, which addresses insufficiently protected credentials, and represents a clear violation of the principle of least privilege in credential management. Security professionals should also consider implementing access controls and monitoring mechanisms to detect unauthorized access to configuration files, as outlined in the attack techniques described under the MITRE ATT&CK framework for credential access and defense evasion tactics.
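
One way to carry out the "replace cleartext passwords with encrypted alternatives" step, as an added example that is not GoPhish's code or its actual fix: a mail profile whose password is sealed with AES-256-GCM before it is stored or serialized. The `MailProfile` type, the `NewAEAD`, `Seal` and `Open` helpers, the `password_sealed` field name and the sample host and key are all assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// MailProfile is a hypothetical stored SMTP/IMAP profile, not GoPhish's own type.
type MailProfile struct {
	Host, Username string
	Password       string `json:"-"`               // cleartext stays in memory only
	Sealed         string `json:"password_sealed"` // base64(nonce || ciphertext)
}

// NewAEAD builds AES-256-GCM from a 32-byte key kept outside the config store.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// Seal encrypts Password, binding it to host and username as associated data.
func (p *MailProfile) Seal(gcm cipher.AEAD) error {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	ct := gcm.Seal(nonce, nonce, []byte(p.Password), []byte(p.Host+"\x00"+p.Username))
	p.Sealed, p.Password = base64.StdEncoding.EncodeToString(ct), ""
	return nil
}
// Open returns the password; it fails if the record was altered or copied to another profile.
func (p *MailProfile) Open(gcm cipher.AEAD) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(p.Sealed)
	if n := gcm.NonceSize(); err == nil && len(raw) >= n {
		pt, err := gcm.Open(nil, raw[:n], raw[n:], []byte(p.Host+"\x00"+p.Username))
		return string(pt), err
	}
	return "", fmt.Errorf("malformed sealed password")
}
func main() {
	gcm, _ := NewAEAD(make([]byte, 32)) // constructed all-zero demo key only
	p := MailProfile{Host: "smtp.example.test", Username: "sender", Password: "constructed-secret"}
	_ = p.Seal(gcm)
	fmt.Println(p.Sealed) // what would be written to storage instead of the password
}
```

Sealing only helps if the key is held somewhere an attacker who can read the stored profile cannot also read it, such as an environment secret or a key management service.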

The exploitation of this vulnerability demonstrates the critical importance of proper credential handling in security tools and applications. Organizations should establish comprehensive security practices that include regular vulnerability assessments, secure configuration management, and proper credential lifecycle management. The incident highlights the need for security tools to implement robust encryption and access control mechanisms to prevent unauthorized access to sensitive information. Proper implementation of these security measures can prevent the exploitation of similar vulnerabilities in other security applications and maintain the integrity of phishing testing environments while protecting against potential abuse by malicious actors.

Responsible: MITRE
Reservation: 12/06/2024
Disclosure: 12/19/2024
Moderation: accepted
CPE: ready
EPSS: 0.00358
KEV: no
Activities: very low
