[imp] IE Problem with history (security)
Michael M Slusarz
slusarz at bigworm.colorado.edu
Tue Mar 2 22:14:09 PST 2004
Quoting jason at freemotion.bb:
> I am having this same problem!!
> My users are actually deleting other people's mail also.
>
> I have set the session to die when the browser closes.
> I have also tried no session management, but this happens still..
>
> Quoting Ian Roberts <ianto_panto at mac.com>:
>
>> I have a problem with ie on windows ox (haven't experienced the
>> problem with other browsers) where someone logs in and reads the
>> emails. THEN when logged out, or after reboot, another user with no
>> mail account can gain access to the read emails by beginning to
>> write the URL of the webmail and they will get a list of links with
>> random numbers and if you choose one of these you can gain access to
>> that whether it's an email or something.
>>
>> How can this be prevented?
Are you using the latest version of Horde (2.2.4) and IMP (3.2.2)?
From horde/docs/CHANGELOG:
[mms] SECURITY: Add code to protect against session fixation issues.
michael
______________________________________________
Michael Slusarz [slusarz at bigworm.colorado.edu]
The University of Colorado at Boulder