Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Roundcube issue - Auth bypass via Improper Session Management

From: Balázs Hambalkó <hambalko.balazs () gmail com>
Date: Tue, 1 Sep 2020 11:50:53 +0200
Hi,

Title: Authentication bypass via Improper Session Management

Product: RoundcubeMail
Tested version:  1.4.4 - 1.4.8

CVE: in progress
Credit: Balazs Hambalko, IT Security Consultant


Risk: The lack of proper session validation could lead an attacker to
access the victim user's emails.

Issue fixed: in next release

URL:
https://github.com/roundcube/roundcubemail/issues/7576

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: