Roundcube issue – Auth bypass via Improper Session Management

September 1, 2020

Posted by Balázs Hambalkó on Sep 01

Hi,

Title: Authentication bypass via Improper Session Management

Product: RoundcubeMail
Tested version: 1.4.4 – 1.4.8

CVE: in progress
Credit: Balazs Hambalko, IT Security Consultant

Risk: The lack of proper session validation could lead an attacker to
access the victim user’s emails.

Issue fixed: in next release

URL:
https://github.com/roundcube/roundcubemail/issues/7576

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Patreon

Original Source
Tags: , , , , , , , , ,

You may have missed

CISA Logo

CISA: CISA Releases Three Industrial Control Systems Advisories

April 18, 2024
CISA Logo

CISA: Oracle Releases Critical Patch Update Advisory for April 2024

April 18, 2024
Basta

Black Basta Ransomware Victim: doyon[.]com | doyondrilling[.]com

April 18, 2024
image 4

Akira Ransomware Victim: Serfilco, RP Adams, Baron Blakeslee, Pac er, Service Filtrati on of Canada, Polyma r[.]

April 18, 2024
cybersecurity

Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters

April 18, 2024