Listen to this Post
The CVE-2020-10742 vulnerability is an SMTP injection flaw within Keycloak’s user registration email verification feature. It stems from improper neutralization of CRLF (Carriage Return Line Feed) sequences in user-supplied input. An attacker can register with an email address that contains crafted SMTP commands following a CRLF sequence (e.g., [email protected]%0d%0aDATA:%20injected). When Keycloak’s backend sends the verification email, the SMTP server interprets these injected CRLF sequences as a command terminator, allowing the attacker to inject arbitrary SMTP commands. This can prematurely terminate the intended email data and append a new, short, malicious email message. The attack is constrained by a 64-character limit on the local part of the email address, restricting the payload size and limiting the content of the injected message.
Platform: Keycloak
Version: < 11.0.2
Vulnerability: SMTP Injection
Severity: Medium
date: 2020-05-19
Prediction: 2020-06-30
What Undercode Say:
`curl -X POST -d “firstName=John&lastName=Doe&email=attacker%40example.com%0d%0aDATA:%20injected&password=password” http://keycloak-host:8080/auth/realms/master/registration`
`nc -nv mailserver 25</h2>
<h2 style="color: blue;">EHLO keycloak-server</h2>
<h2 style="color: blue;">MAIL FROM: <keycloak@domain></h2>
<h2 style="color: blue;">RCPT TO: attacker@example.com</h2>
<h2 style="color: blue;">DATA</h2>
<h2 style="color: blue;">Subject: Verify Email</h2>
<h2 style="color: blue;">(injected SMTP commands executed here)`
<h2 style="color: blue;">
<h2 style="color: blue;">
<h2 style="color: blue;">
<h2 style="color: blue;">
<h2 style="color: blue;">
<h2 style="color: blue;">
How Exploit:
Craft malicious email address with CRLF and SMTP commands during user registration to inject and send a short, unauthorized email message from the server.
Protection from this CVE:
Apply input sanitization to neutralize CRLF sequences in email addresses during user registration and before processing by the SMTP client. Upgrade to Keycloak version 11.0.2 or later.
Impact:
Unauthorized sending of short emails from the server, potential for phishing precursors or spam, but limited in scope by a 64-character payload constraint.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

