Magento New Zend Framework 1 Security Vulnerability Update

  • Nidhi Arora
  • 5 years

Recently, a serious vulnerability came to light in the Zend Framework 1 email component used by Magento. All Magento 1 and Magento 2 based software, as well as other PHP solutions, make use of this component. The vulnerability can allow attackers to achieve remote code execution if your server uses Sendmail as its mail transport agent.

So don’t be a victim! To protect your Magento store against this vulnerability, we strongly recommend that you immediately examine your mail sending settings. Go to the system setting that controls the “Reply to” address for emails sent from your Magento store:

Magento 1: System-> Configuration-> Advanced-> System-> Mail Sending Settings-> Set Return-Path

Magento 2: Stores-> Configuration-> Advanced-> System-> Mail Sending Settings-> Set Return-Path

First, examine the value of “Set Return-Path”. If this value is set to “Yes” and your server uses Sendmail, your Magento store is vulnerable. Enterprise Cloud Edition customers need not worry, as they are not at any major risk with their existing configurations.

We at Envision Ecommerce recommend that you switch “Set Return-Path” to “No” until Magento releases a security patch for this vulnerability, regardless of which transport agent you use. We hope that Magento will provide security patches for this vulnerability over the next several weeks.
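
One way to run this check across every configuration scope at once, as an added example that is not from the original post: the script reads a CSV export of Magento's `core_config_data` table and reports each scope where “Set Return-Path” is not “No”. The config path `system/smtp/set_return_path` and the 0/1/2 value encoding are assumptions based on Magento's stock configuration, and the sample rows are constructed.

```python
import csv
import io

# Assumed config path behind "Set Return-Path" (stock Magento 1 and 2).
RETURN_PATH_KEY = "system/smtp/set_return_path"
# Assumed value encoding in core_config_data.
LABELS = {"0": "No", "1": "Yes", "2": "Specified"}

# Constructed sample: CSV export of core_config_data columns.
SAMPLE_EXPORT = """scope,scope_id,path,value
default,0,system/smtp/set_return_path,1
default,0,system/smtp/disable,0
websites,2,system/smtp/set_return_path,0
stores,5,system/smtp/set_return_path,2
"""


def audit_return_path(export_csv, uses_sendmail):
    """Return one finding per scope where Set Return-Path is not "No"."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_csv)):
        if (row["path"] or "").strip() != RETURN_PATH_KEY:
            continue
        # An empty value is treated as the assumed default, "No".
        value = (row["value"] or "0").strip()
        if value == "0":
            continue
        # "Yes" together with Sendmail is the vulnerable combination;
        # anything else that is not "No" still needs review, since the
        # advice is to use "No" whatever the transport agent.
        vulnerable = value == "1" and uses_sendmail
        findings.append({
            "scope": f'{row["scope"]}/{row["scope_id"]}',
            "setting": LABELS.get(value, f"unknown ({value})"),
            "severity": "vulnerable" if vulnerable else "review",
        })
    return findings


if __name__ == "__main__":
    for f in audit_return_path(SAMPLE_EXPORT, uses_sendmail=True):
        print(f'{f["scope"]}: Set Return-Path = {f["setting"]} -> {f["severity"]}')
```

Store-view and website rows override the default scope, so a “No” at the default level does not clear a store that sets its own value.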

If you need help, you can contact us for a security analysis. We’d be glad to guide you through the analysis process and tell you whether your Magento store is exposed to this vulnerability.
