[bugs] [Bug 968] New - Important security issue in IMP 3.1 RC3

bugs@bugs.horde.org
Sun, 2 Jun 2002 20:35:15 -0300


http://bugs.horde.org/show_bug.cgi?id=968

*** shadow/968	Sun Jun  2 20:35:14 2002
--- shadow/968.tmp.2179	Sun Jun  2 20:35:14 2002
***************
*** 0 ****
--- 1,26 ----
+ Bug#: 968
+ Product: Horde
+ Version: 2.1 Unstable
+ Platform: other
+ OS/Version: Linux
+ Status: NEW   
+ Resolution: 
+ Severity: critical
+ Priority: P5
+ Component: IMP
+ Area: BUILD
+ AssignedTo: chuck@horde.org                            
+ ReportedBy: alietss@yahoo.com               
+ URL: 
+ Cc: alietss@yahoo.com
+ Summary: Important security issue in IMP 3.1 RC3
+ 
+  Hi all:  
+ Testing Horde 2.1 RC3 IMP 3.1 RC3 I've found a critical security issue. I'm  
+ using Linux RedHat 7.3 Apache 1.3.23 PHP-4.2.1 Imap 2001 the web browser where  
+ I observed this was in Konqueror of KDE not tested in MSIE. Authentication 
+ method is IMP. Well the problem is that if you log in as user A and after you 
+ logout and in the same window you login as another user B rather than  see the 
+ inbox of B you see the inbox of A, the previous user wich already logout, you 
+ can read the mail of A do it everything as him. 
+                                                Hope this help Bye Aliet
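
Review bot: The header fields "Priority: P5" and "Area: BUILD" do not match "Severity: critical" or the description. The report describes user B being shown user A's inbox after A logged out, which is a session or authentication handling problem rather than a build problem, and P5 is the low end of Bugzilla's default P1 to P5 scale. "Version: 2.1 Unstable" should also be reconciled with the "Horde 2.1 RC3 IMP 3.1 RC3" named in the text. The description gives only Konqueror as the observed browser and says MSIE was not tested, so the record should ask the reporter whether the stale inbox is served from browser cache or whether the server still honours A's session after logout. Those two cases call for different fixes.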