Ehsan Cod3r Discovers Mail.Ru Vulnerability

Iranian whitehat cybersecurity researcher Ehsan Hosseini (aka Ehsan Cod3r) has disclosed a send edited message vulnerability in the Russian mail provider software. The vulnerability is in the design, allowing a potential privilege escalation by the attacker. Ehsan Cod3r also credits Porya.


See the following links from Ehsan to show how the application was vulnerable:

Video :
Result :
A summary of the vulnerability is here, and other vulnerabilities discovered by Ehsan are here.

Responsible Disclosure Timeline

12 Sep 2016 – Discover Vulnerability
16 Sep 2016 – Report To Vendor
28 Sep 2016 – Confirmed This Issue
28 Sep 2016 – Mail.Ru rewarded $150 bounty.
01 Jan 2017 – Public Disclosure
