Roundcube issue – Auth bypass via Improper Session Management

Posted by Balázs Hambalkó on Sep 01

Hi,

Title: Authentication bypass via Improper Session Management

Product: RoundcubeMail
Tested version: 1.4.4 – 1.4.8

CVE: in progress
Credit: Balazs Hambalko, IT Security Consultant

Risk: The lack of proper session validation could lead an attacker to
access the victim user’s emails.

Issue fixed: in next release

URL:
https://github.com/roundcube/roundcubemail/issues/7576
