[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] RV: NeoMail 1.25

Subject: [cobalt-users] RV: NeoMail 1.25
From: "Adrian Boismoreau" <aboismoreau@xxxxxxxxxxxxxxx>
Date: Thu Sep 20 20:22:19 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

I've installed many webmails scripts, and with them happened the same thing.
I think that's because both domains share the same IP address. Anyway, the
user is accessing his own email account, and not others.
Regards,

Adrián Boismoreau
___________________
S K Y  m e d i a
www.skymedia.com.ar
info@xxxxxxxxxxxxxxx

----- Mensaje original -----
De: Andy Robinowitz
Para: cobalt-users@xxxxxxxxxxxxxxx
Enviado: Jueves, 13 de Septiembre de 2001 09:56 p.m.
Asunto: [cobalt-users] Re: NeoMail 1.25


I just installed the NeoMail 1.25 and was testing
the program and found what I think is a bug.
John Doe who runs www.site1.com can login via
another site on the same server (for example
www.site2.com/neomail/).  Then John enters his
username/password combo (for site1) and he is
granted access even though he is not associated
with www.site2.com.  It looks like John can now
send messages as john@xxxxxxxxxx

This seems this might be a security issues to me?

Anyone else notice this?

Thanks,

Andy Robinowitz
Organic Hosting, LLC
http://www.organichosting.com

__________________________________________________
Terrorist Attacks on U.S. - How can you help?
Donate cash, emergency relief information
http://dailynews.yahoo.com/fc/US/Emergency_Information/

Prev by Date: [cobalt-users] Admin Site Limits
Next by Date: Re: [cobalt-users] [Raq4] Accessing SSL Keys?
Previous by thread: Re: [cobalt-users] Admin Site Limits
Next by thread: [cobalt-users] Perl problems (still!)

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index