[imp] Security - user A got into userB's email
Michael M Slusarz
slusarz at bigworm.colorado.edu
Wed Oct 22 09:53:37 PDT 2003
Quoting Kim Hoffman <khoffman at uwo.ca>:
| We have 3 systems servicing web mail. A front end load balancer is used to
| load balance the traffic to these 3 systems. The load balancer is state
| aware. So when a user logs in to server A, he stays on server A for all his
| sessions. The sessions are files kept locally on each of the 3 servers.
|
| We had user A who bookmarked
|
| https://xxx.xxx.xxx/horde/imp/mailbox.php?Horde=fe4c04a1d4e6135cc41e7bdbb6603111&mailbox=INBOX
|
| and got into user B's mailbox. The user told me that she got into the
| same user's (user B's) mailbox about 3 times over a number of days.
Upgrade to Horde 2.2.4/IMP 3.2.2:
http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.79&r2=1.207.2.80&ty=h
michael
______________________________________________
Michael Slusarz [slusarz at bigworm.colorado.edu]
The University of Colorado at Boulder
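
Added example, not part of the original message or of Horde/IMP: a log check for the symptom reported above, one `Horde=` session ID in a URL being requested from more than one client address. The Apache combined log format, the 32-hex-character ID shape (taken from the bookmarked URL) and all sample lines are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (Apache combined log format is an assumption).
SAMPLE_LOG = """\
192.0.2.10 - - [22/Oct/2003:09:01:12 -0600] "GET /horde/imp/mailbox.php?Horde=0123456789abcdef0123456789abcdef&mailbox=INBOX HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
198.51.100.7 - - [22/Oct/2003:09:14:40 -0600] "GET /horde/imp/mailbox.php?Horde=0123456789abcdef0123456789abcdef&mailbox=INBOX HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
192.0.2.44 - - [22/Oct/2003:09:15:02 -0600] "GET /horde/imp/mailbox.php?Horde=fedcba9876543210fedcba9876543210&mailbox=INBOX HTTP/1.1" 200 4096 "-" "Mozilla/4.0"
192.0.2.44 - - [22/Oct/2003:09:15:05 -0600] "GET /horde/graphics/logo.gif HTTP/1.1" 200 812 "-" "Mozilla/4.0"
this line is not a valid access log entry
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
SID_RE = re.compile(r"[0-9a-f]{32}")  # shape of the ID in the bookmarked URL


def session_in_line(line, param="Horde"):
    """Return (client_ip, session_id) if the request URL carries a session ID."""
    m = LINE_RE.match(line)
    if not m:
        return None  # malformed or unsupported log line
    ip, target = m.groups()
    values = parse_qs(urlsplit(target).query).get(param, [])
    for value in values:
        if SID_RE.fullmatch(value):
            return ip, value
    return None  # request carried no session ID in its query string


def find_shared_sessions(lines, param="Horde"):
    """Map each session ID seen from more than one client IP to those IPs."""
    seen = defaultdict(set)
    for line in lines:
        hit = session_in_line(line, param)
        if hit:
            ip, sid = hit
            seen[sid].add(ip)
    return {sid: sorted(ips) for sid, ips in seen.items() if len(ips) > 1}


if __name__ == "__main__":
    for sid, ips in find_shared_sessions(SAMPLE_LOG.splitlines()).items():
        print(f"session {sid} used from {len(ips)} addresses: {', '.join(ips)}")
```

One ID seen from several addresses can also be a single user behind a proxy pool, so treat each hit as a lead to correlate with authentication logs, and run the check on each of the three servers since sessions are kept locally.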