A webmail service known for its emphasis on users’ privacy, Proton Mail, has serious code flaws that were discovered by a group of researchers. These vulnerabilities might have put the service’s users in danger. These vulnerabilities disclosed a possible weak link in the security chain, despite the fact that Proton Mail uses powerful end-to-end encryption for the purpose of safeguarding messages both in transit and while they are stored. Users of Proton Mail were exposed to a serious risk to their privacy and confidentiality as a result of these flaws, which highlights the need of having strong code security in protecting sensitive messages.
The web client of Proton Mail, which is responsible for decrypting communications for users, was the focus of the vulnerabilities that were uncovered. To be more specific, the vulnerabilities might have been exploited in order to take emails that had been encrypted and impersonate users.
In order to carry out an attack, threat actors need to deceive Proton Mail users into engaging with messages that have been maliciously created. In most cases, the attack required victims to see the messages or click on the links included within them. Even while the attack may have been successful with only message views, the most successful cases entailed users clicking on a link inside a follow-up email. Cross-Site Scripting (XSS) concerns, a prevalent security problem when dealing with user-controlled HTML in online applications, were at the heart of the vulnerabilities.
In spite of the fact that Proton Mail used a cutting-edge HTML sanitizer, DOMPurify’s intricate coding flaws made it possible for cybercriminals to circumvent security protocols and modify the way in which material was shown. Due to variations in the parsing rules between HTML and SVG, the vulnerabilities were connected with SVG components that were included in emails. This made it possible for attackers to insert malicious code.
Attackers may construct payloads that were immune to the examination of the HTML sanitizer by deftly altering these components, which would eventually result in the execution of arbitrary JavaScript.
In the event that these vulnerabilities were exploited successfully, attackers would have been able to obtain encrypted emails, private keys, and even de-anonymized users.A vulnerability of this kind would have given attackers the ability to impersonate victims and maybe acquire cryptographic keys, which would have posed a significant risk to the users of Proton Mail who are concerned about their online safety.
The SonarSource Research team responsibly notified these vulnerabilities to Proton Mail, which prompted the vendor to take rapid action. Proton Mail swiftly responded to the problems and put in place remedies to strengthen its security posture. Because of this proactive approach, there was no known instance of the vulnerabilities being exploited.
The method that Proton Mail used to reduce the risk posed by these vulnerabilities entailed completely deleting support for SVG from the service. This action addressed the particular vulnerabilities and decreased the attack surface, which contributed to an improvement in the system’s overall security.
The following is a list of recommendations made by SonarSource to help you avoid similar vulnerabilities in your own code:
It is best not to alter the data once it has been sanitized.
After sanitization, you should try not to re-parse the HTML if at all feasible.
Utilize cutting-edge methods of sanitation like DOMPurify, for example.
Maintain a current knowledge of security standards, and implement safe coding rules, to reduce potential hazards.
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.
