Roundcube issue – Auth bypass via Improper Session Management

September 1, 2020

Posted by Balázs Hambalkó on Sep 01

Hi,

Title: Authentication bypass via Improper Session Management

Product: RoundcubeMail
Tested version: 1.4.4 – 1.4.8

CVE: in progress
Credit: Balazs Hambalko, IT Security Consultant

Risk: The lack of proper session validation could lead an attacker to
access the victim user’s emails.

Issue fixed: in next release

URL:
https://github.com/roundcube/roundcubemail/issues/7576

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Patreon

Original Source
Tags: , , , , , , , , ,

You may have missed

image

[PEAR] – Ransomware Victim: GFF&F – Galine, Frye, Fitting & Frangos, LLP

October 17, 2025
image

[AKIRA] – Ransomware Victim: Manko Window Systems

October 17, 2025
image

[AKIRA] – Ransomware Victim: Tenryu America

October 17, 2025
hackerone

HackerOne Bug Bounty Disclosure: smtp-command-injection-vulnerability-in-libcurl-via-rfc-suffix-spolu-dust

October 17, 2025
image

[RADAR] – Ransomware Victim: Sold Real Estate, Sold RE PTY LTD

October 17, 2025