[Tickets #4085] RESOLVED: Root authentication should be deniable
bugs@bugs.horde.org
Thu Jun 29 00:33:40 PDT 2006
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=4085
-----------------------------------------------------------------------
Ticket | 4085
Updated By | Michael Slusarz <slusarz at horde.org>
Summary | Root authentication should be deniable
Queue | IMP
Version | 4.1.2
State | Rejected
Priority | 1. Low
Type | Enhancement
Owners |
-----------------------------------------------------------------------
Michael Slusarz <slusarz at horde.org> (2006-06-29 00:33) wrote:

> 1. Attacker finds an exploit to gain restricted access (the Horde
> help bug for example)

Then update Horde when an exploit is found and fixed.

> 2. Attacker uses IMP remotely (possibly from different addresses
> to cover his tracks) to find the root password
>
> I imagine the situation where IMP runs on the mail server, but POP is
> limited to the internal network only is actually quite common, so
> this is likely something that other users might be struggling with as
> well.

But once again, if you tighten the security at the POP server level then
you prevent attacks from *any* application connecting to it, not just POP.
Obviously, you can do whatever hacking you need to on your local server,
but there is absolutely no need for this kind of security check in IMP or
Horde. Completely redundant and unnecessary.