[Tickets #8331] Re: shall we need a token for logout?
bugs at horde.org
bugs at horde.org
Mon Jun 8 15:22:56 UTC 2009
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/8331
------------------------------------------------------------------------------
Ticket | 8331
Updated By | Chuck Hagenbuch <chuck at horde.org>
Summary | shall we need a token for logout?
Queue | Horde Framework Packages
Version | FRAMEWORK_3
Type | Enhancement
-State | New
+State | Rejected
Priority | 1. Low
Milestone |
-Patch | 1
+Patch |
Owners |
------------------------------------------------------------------------------
Chuck Hagenbuch <chuck at horde.org> (2009-06-08 11:22) wrote:
By doing this your users can be logged out by someone who includes an
image in an email pointing to a logout link. It's a denial of service
type of attack.
More information about the bugs
mailing list