Hi, Title: Authentication bypass via Improper Session Management
Product: RoundcubeMail Tested version: 1.4.4 - 1.4.8 CVE: in progress Credit: Balazs Hambalko, IT Security Consultant Risk: The lack of proper session validation could lead an attacker to access the victim user's emails. Issue fixed: in next release URL: https://github.com/roundcube/roundcubemail/issues/7576 _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
