[bugs] [Bug 971] New - Logout does not destory session properly

bugs@bugs.horde.org bugs@bugs.horde.org
Wed, 5 Jun 2002 00:54:08 -0300

Previous message: [bugs] [Bug 941] Changed - Notice: Uninitialized string offset: 0 in /usr/local/horde-2.1/imp-3.1/lib/Tree.php on line 626
Next message: [bugs] [Bug 968] Changed - Important security issue in IMP 3.1 RC3
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://bugs.horde.org/show_bug.cgi?id=971

*** shadow/971	Wed Jun  5 00:54:07 2002
--- shadow/971.tmp.21306	Wed Jun  5 00:54:07 2002
***************
*** 0 ****
--- 1,31 ----
+ Bug#: 971
+ Product: Horde
+ Version: other
+ Platform: PHP Code
+ OS/Version: Solaris
+ Status: NEW   
+ Resolution: 
+ Severity: critical
+ Priority: P2
+ Component: IMP
+ Area: BUILD
+ AssignedTo: chuck@horde.org                            
+ ReportedBy: cameron_green@hotmail.com               
+ URL: 
+ Summary: Logout does not destory session properly
+ 
+ Hi,
+ 
+ After "logging out" of IMP 3.0, if I use the history to access the same session
+ it happily lets me go to the inbox and read/delete etc mail.
+ 
+ This is a huge security flaw.
+ I would like more information about this ASAP, as if it is a configuration
+ problem, I have been able to replicate this on random installations of IMP3.0 on
+ the web, so it is widespread.
+ 
+ Regards,
+ 
+ Cameron Green
+ c.greenNPSP@Mits.uq.edu.au
+

Previous message: [bugs] [Bug 941] Changed - Notice: Uninitialized string offset: 0 in /usr/local/horde-2.1/imp-3.1/lib/Tree.php on line 626
Next message: [bugs] [Bug 968] Changed - Important security issue in IMP 3.1 RC3
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]