CVE-2024-55196 identifies a vulnerability in GoPhish version 0.12.1 related to insufficient protection of credentials used for configuring IMAP and SMTP mail servers. Specifically, the application stores these credentials in cleartext within its configuration, violating secure storage best practices and exposing sensitive authentication data. This vulnerability is classified under CWE-312, which concerns the storage of sensitive information in an insecure manner. The CVSS 3.1 base score of 7.5 reflects a high severity due to the vulnerability's network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The impact is primarily on confidentiality (C:H), with no direct effect on integrity or availability. An attacker who can access the GoPhish server or intercept configuration files can retrieve the cleartext credentials for the mail servers, potentially enabling unauthorized email access or manipulation. Although no exploits are currently known in the wild, the vulnerability poses a significant risk given the sensitive nature of email credentials and the role of GoPhish in phishing simulations, which often involve real mail infrastructure. The lack of available patches at the time of publication necessitates immediate attention to configuration management and access controls to mitigate risk.

The primary impact of CVE-2024-55196 is the compromise of confidentiality through exposure of cleartext credentials for IMAP and SMTP servers configured in GoPhish. Attackers gaining these credentials can access mail servers, potentially intercepting, sending, or manipulating emails. This can facilitate further phishing attacks, data breaches, or unauthorized access to sensitive communications. Since GoPhish is widely used for phishing simulations, attackers could leverage compromised credentials to undermine organizational security awareness programs or escalate attacks. The vulnerability does not directly affect system integrity or availability but can indirectly lead to reputational damage, regulatory penalties, and operational disruptions if email systems are abused. Organizations relying on GoPhish for security testing or email infrastructure should consider this a critical risk to their email security posture.

1. Immediately restrict access to GoPhish configuration files to authorized personnel only, using strict file system permissions and access controls. 2. Avoid storing mail server credentials in cleartext; if possible, use environment variables or secure vault solutions to manage sensitive configuration data. 3. Monitor and audit access logs for GoPhish servers and mail servers to detect unauthorized access attempts. 4. Implement network segmentation to limit exposure of GoPhish servers and mail infrastructure to trusted networks only. 5. Regularly update GoPhish to newer versions once patches addressing this vulnerability are released. 6. Consider encrypting configuration files or using application-level encryption for sensitive data. 7. Educate administrators on secure credential management practices and the risks of cleartext storage. 8. If credentials are suspected compromised, rotate passwords immediately and review mail server access for suspicious activity.