Session IP check bypass in Roundcube 1.0

[Felix Eckhofer <felix () tribut de>]

Hi.

Roundcube 1.0-beta added support for the the X-Forwarded-For and 
X-Real-IP HTTP headers when the check_ip configuration option is set. 
This effectively allows the attacker to bypass the session IP check 
completely by setting one of these headers to the victim's IP address.

The problem is still present in the latest version (1.0).
Bug is being tracked here: http://trac.roundcube.net/ticket/1489729


Regards
felix