We’ve all read about the latest security threat to GroupWise WebAccess. The Register reports:
“One vulnerability allows an attacker to forward all of a user’s email simply by sending a specially crafted email, according to Adrian Pastor, an employee for ProCheckUp, a penetration testing firm based in London. The cross-site request forgery bug allows attackers to add new forwarding rules simply by tricking a user into opening the email, no clicking of links necessary.”
Novell has provided hot patches for GroupWise 7 and GroupWise 8 quickly to solve this vulnerability. To be safe, you should make sure that you update your GroupWise system with the patches as soon as possible. You should also make sure that no information is leaking because of forwarding rules. After updating your GroupWise system with the latest hot patches, it is good practice to check all user rules to make sure that you don’t have any of these rogue rules in your system.
One way to do this is to block forward rules at the GWIA level. You may also monitor the GWIA logs, and if such a crafted rule in your system exists you need to shut it down and delete it. You can make this task easy by using a third party GroupWise administration tool such as Vertigo from GWAVA. Vertigo lets you manage all mailboxes and rules from a single intuitive interface. This solution can save you a lot of time when GroupWise security issues arise.
View this Camtasia flash demo to learn how to check all of your GroupWise rules per mailbox as well as for all mailboxes.