Roundcube issue – Auth bypass via Improper Session Management

Click the icon to Follow me:- twitterTelegramRedditDiscord

Posted by Balázs Hambalkó on Sep 01


Title: Authentication bypass via Improper Session Management

Product: RoundcubeMail
Tested version: 1.4.4 – 1.4.8

CVE: in progress
Credit: Balazs Hambalko, IT Security Consultant

Risk: The lack of proper session validation could lead an attacker to
access the victim user’s emails.

Issue fixed: in next release


If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.


Original Source
Available for Amazon Prime