eM Client banned for Vulnerability

At our university, the usage of eM Client to access the Office365-based email system was just banned due to some claimed security vulnerability related to the possibility of it creating mail forwarding rules without the user knowing about it. It was claimed by the IT security staff that due to this it is being used to implement some sort of attacks.

I would like to continue using eM Client, and thus, would like to raise this issue to your attention. I hope you can find a way to avoid this issue in future versions, and that I can resume using the application for email and calendars.

That’s not possible.

The only way eM Client can forward messages is if you do it yourself, so either by clicking on the Forward button or you specifically create a Rule to do it.

I am just conveying to the best of my understanding what the IT staff told me when I asked why they suddenly disabled access to eM Client, and when I created a support ticket about it in the university system. The issue was related to security, mail forwarding rules and it being exploited (probably not on our campus but over the internet in general).

From my own experience, many universities also just blanket block external mail clients as they e.g. “only want certain ones used in-house and so say they are security risks”. Just uni rules.

Sure that can happen. In this case I have been using eM Client for several years. But this was the reason they gave for disabling access for it now.

Can you give us a contact for somebody from the IT staff? I believe this is total nonsense.

Sure, somehow I feel that is the case too. Here is the email address of the ICT-services: ICT (at) oulu.fi

You could perhaps include my case number “[Request ID :##RE-2007939##]” without the quotes in the subject.

Thanks. My colleague is in contact with the support team.

It seems to be another case of the attack described here: The National Cyber Security Centre Finland’s weekly review – 11/2024 | NCSC-FI

The attackers send phishing emails appearing to link to a shared document on OneDrive/DropBox. The user then clicks on the link and is asked to fill in their username and password. The attacker then uses it to hijack the account and spread more phishing emails. Unfortunately, while eM Client is not involved in stealing the password, the attackers seem to use it with the stolen credentials. We have no way to prevent this since it’s a desktop application and the malicious requests are only sent between the attacker and Microsoft server and not through our infrastructure.

We have very little information about the actual mechanism of the attack itself, and so far we didn’t receive access to any of the phishing emails.
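The thread mentions forwarding rules created without the user's knowledge, following account takeover with phished credentials. As an added example (not code from eM Client or from the university's ICT services), this sketch scans exported Microsoft 365 audit records for inbox rules that forward mail outside the organisation. The record shape is simplified, and the sample records, the `example.edu` domain and the function names are constructed for illustration.

```python
import json

# Rule parameters that send copies of mail to another address.
FORWARDING_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"}
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule"}

def external_targets(value, internal_domains):
    """Return addresses from a ';'- or ','-separated value that are not internal."""
    found = []
    for addr in value.replace(",", ";").split(";"):
        addr = addr.strip().lower()
        if addr.startswith("smtp:"):
            addr = addr[len("smtp:"):]
        # Exact domain match only; list subdomains explicitly if they are internal.
        if "@" in addr and addr.rsplit("@", 1)[1] not in internal_domains:
            found.append(addr)
    return found

def find_forwarding_rules(records, internal_domains):
    """Flag rule create/modify events that forward mail to an external address."""
    findings = []
    for rec in records:
        if rec.get("Operation") not in RULE_OPERATIONS:
            continue
        for param in rec.get("Parameters", []):
            if param.get("Name") not in FORWARDING_PARAMS:
                continue
            targets = external_targets(param.get("Value") or "", internal_domains)
            if targets:
                findings.append({"user": rec.get("UserId"), "when": rec.get("CreationTime"),
                                 "ip": rec.get("ClientIP"), "targets": targets})
    return findings

# Constructed sample records (simplified shape, documentation-range IPs).
SAMPLE = json.loads("""[
 {"CreationTime": "2024-03-18T07:12:44", "Operation": "New-InboxRule",
  "UserId": "student1@example.edu", "ClientIP": "203.0.113.57",
  "Parameters": [{"Name": "ForwardTo", "Value": "smtp:collector@mail.example.net"}]},
 {"CreationTime": "2024-03-18T09:30:02", "Operation": "New-InboxRule",
  "UserId": "staff2@example.edu", "ClientIP": "198.51.100.8",
  "Parameters": [{"Name": "RedirectTo", "Value": "assistant@example.edu"}]},
 {"CreationTime": "2024-03-18T10:05:19", "Operation": "Set-InboxRule",
  "UserId": "staff3@example.edu", "ClientIP": "198.51.100.9",
  "Parameters": [{"Name": "MoveToFolder", "Value": "Newsletters"}]}
]""")

if __name__ == "__main__":
    for finding in find_forwarding_rules(SAMPLE, {"example.edu"}):
        print(finding)
```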