oss-sec mailing list archives
Session IP check bypass in Roundcube 1.0
From: Felix Eckhofer <felix () tribut de>
Date: Wed, 09 Apr 2014 10:57:16 +0200
Hi.Roundcube 1.0-beta added support for the the X-Forwarded-For and X-Real-IP HTTP headers when the check_ip configuration option is set. This effectively allows the attacker to bypass the session IP check completely by setting one of these headers to the victim's IP address.
The problem is still present in the latest version (1.0). Bug is being tracked here: http://trac.roundcube.net/ticket/1489729 Regards felix
Current thread:
- Session IP check bypass in Roundcube 1.0 Felix Eckhofer (Apr 09)
- Re: Session IP check bypass in Roundcube 1.0 cve-assign (Apr 10)