Hi.. In a security bulletin that I receive I noticed the following. I was not aware of this but most of you are perhaps aware. Just in case people have not applied 7.06 - this may be an added incentive.
---- 2. ==== SECURITY RISKS ==== (contributed by Ken Pfeil, [EMAIL PROTECTED]) * SESSION AUTHENTICATION URL EXPOSED IN IPSWITCH IMAIL SERVER Obscure discovered a vulnerability in Ipswitch IMail Server 7.05 and earlier. When a user logs on to his or her account through the IMail Server Web interface, the application uses a unique URL to maintain the session authentication. By sending an HTML email message that references an image on another server, an attacker can easily obtain the unique URL by using the referrer field in the HTTP header. Ipswitch has released version 7.06, which resolves this concern. http://www.secadministrator.com/articles/index.cfm?articleid=24469 ---- Regards, Kami Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Please visit the Knowledge Base for answers to frequently asked questions: http://www.ipswitch.com/support/IMail/
