MDaemon Patch Bulletin – MD032420

Fix to Webmail Vulnerabilities

Published March 24, 2020

Summary

A cross-site scripting (XSS) vulnerability in MDaemon Webmail (WorldClient) was recently reported by Aayush Pokhrel of Eminence Ways Information Security. This vulnerability may impact all browser types.

To address this issue, the development team at MDaemon Technologies has released patches for affected versions of MDaemon.

For specific information, see the Affected Software Section below.

Recommendation: For MDaemon installations, MDaemon Technologies recommends that administrators download and install the appropriate update listed below.

Known Issues: There are no known issues that customers may experience when installing this patch.

Affected Software

The following versions of MDaemon have been tested and determined to be affected. Please download the file version AND language based upon your current installation.

For versions 15.0 - 18.0 we have a replacement DLL. Download the correct ZIP file, stop MDaemon (and IIS if running Webmail in IIS), extract the ZIP to \MDaemon\WorldClient\HTML, then start MDaemon (and IIS).

For versions 18.5 - 19.5 we have full installers. Download the correct installer and run it.

MDaemon 19.5.X (32 bit)

19.5.5 - Select Your Language

MDaemon 19.5.X (64 bit)

19.5.5 64 bit - Select Your Language

MDaemon 19.0.X (32 bit)

19.0.4 - Select Your Language

MDaemon 19.0.X (64 bit)

19.0.4 64 bit - Select Your Language

MDaemon 18.5.X (32 bit)

18.5.4 - Select Your Language

MDaemon 18.5.X (64 bit)

18.5.4 64 bit - Select Your Language

MDaemon 18.0.X (32 bit)

18.0.31 - Select Your Language

MDaemon 18.0.X (64 bit)

18.0.31 64 bit - Select Your Language

MDaemon 17.5.X (32 bit)

17.5.41 - Select Your Language

MDaemon 17.5.X (64 bit)

17.5.41 64 bit - Select Your Language

MDaemon 17.0.X (32 bit)

17.0.41 - Select Your Language

MDaemon 17.0.X (64 bit)

17.0.41 64 bit - Select Your Language

MDaemon 16.5.X (32 bit)

16.5.41 - Select Your Language

MDaemon 16.5.X (64 bit)

16.5.41 64 bit - Select Your Language

MDaemon 16.0.X (32 bit)

16.0.61 - Select Your Language

MDaemon 16.0.X (64 bit)

16.0.61 64 bit - Select Your Language

MDaemon 15.5.X (32 bit)

15.5.61 - Select Your Language

MDaemon 15.5.X (64 bit)

15.5.61 64 bit - Select Your Language

MDaemon 15.0.X (32 bit)

15.0.61 - Select Your Language

MDaemon 15.0.X (64 bit)

15.0.61 64 bit - Select Your Language

Frequently Asked Questions (FAQ) Related to This Update

What is the impact?

This vulnerability may impact all users of MDaemon Webmail (formerly known as WorldClient).

What versions of MDaemon are affected?

Supported versions of MDaemon Email Server - versions 15.0.0 through 19.5.4. Users of earlier, unsupported versions of MDaemon are also encouraged to upgrade to the latest version to ensure they have the latest patches and security updates.

What do I need to do in order to resolve this issue?

Simply download and install the appropriate patch listed in the Affected Software Section of this update. There is no requirement to renew your license to obtain the fix.

Additional questions can be answered by contacting MDaemon Technologies Support.