Full Disclosure mailing list archives
Roundcube issue - Auth bypass via Improper Session Management
From: Balázs Hambalkó <hambalko.balazs () gmail com>
Date: Tue, 1 Sep 2020 11:50:53 +0200
Hi,

Title: Authentication bypass via Improper Session Management
Product: RoundcubeMail
Tested version: 1.4.4 - 1.4.8
CVE: in progress
Credit: Balazs Hambalko, IT Security Consultant
Risk: The lack of proper session validation could lead an attacker to access the victim user's emails.
Issue fixed: in next release
URL: https://github.com/roundcube/roundcubemail/issues/7576