[Tickets #4085] RESOLVED: Root authentication should be deniable

bugs@bugs.horde.org bugs at bugs.horde.org
Thu Jun 29 00:33:40 PDT 2006


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/?id=4085
-----------------------------------------------------------------------
 Ticket             | 4085
 Updated By         | Michael Slusarz <slusarz at horde.org>
 Summary            | Root authentication should be deniable
 Queue              | IMP
 Version            | 4.1.2
 State              | Rejected
 Priority           | 1. Low
 Type               | Enhancement
 Owners             | 
-----------------------------------------------------------------------


Michael Slusarz <slusarz at horde.org> (2006-06-29 00:33) wrote:

> 1. Attacker finds an exploit to gain restricted access (the Horde 
> help bug for example)

Then update Horde when an exploit is found and fixed.

> 2. Attacker uses IMP remotely (possibly from different addresses 
> to cover his tracks) to find the root password
> I imagine the situation where IMP runs on the mail server, but POP is 
> limited to the internal network only is actually quite common, so 
> this is likely something that other users might be struggling with as 
> well.

But once again, if you tighten the security at the POP server level then
you prevent attacks from *any* application connecting to it, not just POP.
 

Obviously, you can do whatever hacking you need to on your local server,
but there is absolutely no need for this kind of security check in IMP or
Horde.  Completely redundant and unnecessary.



