[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] Re: NeoMail 1.25

Subject: [cobalt-users] Re: NeoMail 1.25
From: "Joe Boise" <my_hidden_email@xxxxxxxxx>
Date: Thu Sep 20 22:05:23 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

I agree I brough this up already and nobody responded.

Joe

Message: 17
Date: Thu, 13 Sep 2001 17:56:20 -0700 (PDT)
From: Andy Robinowitz <andy_robinowitz@xxxxxxxxx>
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: [cobalt-users] Re: NeoMail 1.25
Reply-To: cobalt-users@xxxxxxxxxxxxxxx

I just installed the NeoMail 1.25 and was testing
the program and found what I think is a bug. 
John Doe who runs www.site1.com can login via
another site on the same server (for example
www.site2.com/neomail/).  Then John enters his
username/password combo (for site1) and he is
granted access even though he is not associated
with www.site2.com.  It looks like John can now
send messages as john@xxxxxxxxxx

This seems this might be a security issues to me?

Anyone else notice this?  

Thanks,

Andy Robinowitz
Organic Hosting, LLC
http://www.organichosting.com

__________________________________________________
Terrorist Attacks on U.S. - How can you help?
Donate cash, emergency relief information
http://dailynews.yahoo.com/fc/US/Emergency_Information/

--__--__--

_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-users

End of cobalt-users Digest

Follow-Ups:
- Re: [cobalt-users] Re: NeoMail 1.25
  - From: Revd leonard payne

Prev by Date: RE: [cobalt-users] Dead list?
Next by Date: [cobalt-users] .htpasswd/access issues on a RAQ3
Previous by thread: Re: [cobalt-users] Re: NeoMail 1.25
Next by thread: Re: [cobalt-users] Re: NeoMail 1.25

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index