[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] Re: NeoMail 1.25

Subject: [cobalt-users] Re: NeoMail 1.25
From: Andy Robinowitz <andy_robinowitz@xxxxxxxxx>
Date: Thu Sep 20 15:39:46 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

I just installed the NeoMail 1.25 and was testing
the program and found what I think is a bug. 
John Doe who runs www.site1.com can login via
another site on the same server (for example
www.site2.com/neomail/).  Then John enters his
username/password combo (for site1) and he is
granted access even though he is not associated
with www.site2.com.  It looks like John can now
send messages as john@xxxxxxxxxx

This seems this might be a security issues to me?

Anyone else notice this?  

Thanks,

Andy Robinowitz
Organic Hosting, LLC
http://www.organichosting.com

__________________________________________________
Terrorist Attacks on U.S. - How can you help?
Donate cash, emergency relief information
http://dailynews.yahoo.com/fc/US/Emergency_Information/

Follow-Ups:
- RE: [cobalt-users] Re: NeoMail 1.25
  - From: Paul H Upton
- Re: [cobalt-users] Re: NeoMail 1.25
  - From: Jeff Lasman

Prev by Date: [cobalt-users] MySQL and Webalizer
Next by Date: RE: [cobalt-users] Neomail 1.25 released on pkg.nl.cobalt.com
Previous by thread: [cobalt-users] MySQL and Webalizer
Next by thread: RE: [cobalt-users] Re: NeoMail 1.25

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index