Unpatched Bug in RainLoop Webmail Could Give Hackers Access to all Emails
A potential impact to /e/mail
An unpatched high-severity security flaw has been disclosed in the open-source RainLoop web-based email client that could be weaponized to siphon emails from victims’ inboxes.
SonarSource, in its disclosure timeline, said that it notified the maintainers of RainLoop of the bug on November 30, 2021, and that the software maker has failed to issue a fix for more than four months.
In the absence of patches, SonarSource is recommending that users migrate to a RainLoop fork called SnappyMail, which is actively maintained and unaffected by the security issue.
SnappyMail is a fork of the much appreciated RainLoop, but with massive changes…
Installation instructions - To Include Migration from Rainloop