[imp] Access to other users mailboxes
Eric Rostetter
eric.rostetter at physics.utexas.edu
Tue Apr 1 16:01:02 PST 2003
Quoting Myke Place <mp at xmission.com>:
> We've got a serious problem that I could really use some help with.
> Apparently, some users are logging into our IMP installation and getting
> the mailboxes of other users.
>
> I see in the logs that IMP is contacting the IMAP server and logging in,
> but on the Inbox screen, another users mail is displayed. We are using
> phpa with the follwing versions:
Either your sessions are getting reused, or your phpa is caching things
wrong. See http://cvs.horde.org/co.php/horde/docs/SECURITY for some
light reading, paying attention to the stuff about sessions and entropy
and the like.
--
Eric Rostetter
The Department of Physics
The University of Texas at Austin
Why get even? Get odd!
More information about the imp
mailing list