Check out this KB article. This might help you understand the problem. http://support.ipswitch.com/kb/IM-20000523-DM01.htm
Basically, IMail uses a session key in its URL so the server knows it's you when you go from page to page. The problem is there are a dozen ways to get this session key and "hijack" the user's session, since it doesn't change very quickly (on each click or on a relatively short timeframe). This session key is the Xaf34c89b9... part after the URL and port. Thus, IPSwitch worked around the problem (instead of completely solving it) by also checking your IP address on every page click. This setting is the one mentioned in the KB article above. If you check "Ignore source address in security check", then this "fix" is no longer active and it becomes possible to hijack sessions again.

The problem is some modem users have ..er.. "really" dynamic IP addresses. (I don't know what the technical term for it is.) This means their source IP address may change relatively quickly. If you uncheck "Ignore source address in security check", these users will get booted out of their IMail sessions because it "looks" like they are hijacking the session (since their IP address is different). So, currently, as far as I know, there is no way to keep modem users from getting kicked and still have a secure server. But hey, even if this were fixed, there are still plenty of other security problems to pick on...

-Norm

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of florida.com
Sent: Friday, June 14, 2002 8:51 AM
To: [EMAIL PROTECTED]
Subject: [IMail Forum] Possible security flaw

Just got this email from a guy (see below). I could not reproduce it, as I don't have the same software on my server to readily access my referrers. Maybe someone can reproduce this?
------------------------------------------------------------------------
> Dear Sir,
> When checking the incoming referrers from my website, I noticed that I could get into one of your
> customers' e-mail boxes:
> http://email.florida.com:8383/Xaf34c89b9bc9cfcc98e81bcf27/button.cgi

(session expired already -dk)

Sincerely,
David Kaleky
www.Florida.com
www.AtlanticCity.com
www.Moshiach.com
Tel: 561-995-1656
FAX: 425-799-5963
PS. Great Hotel and Condo Deals *WorldWide* are found at http://www.FLORIDA.com

Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list.
An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Please visit the Knowledge Base for answers to frequently asked questions: http://www.ipswitch.com/support/IMail/
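As an added illustration (not IMail's code and not posted by anyone in this thread): a small Python session store that does what the reply describes, binding each URL session key to the source IP with the "Ignore source address" switch as a parameter, and additionally rotating the key on every request and expiring it, so a key that leaks through a Referer header is single-use and short-lived. The in-memory store, the TTL and the IP addresses are constructed for the example.

```python
import secrets
import time

# Constructed in-memory session store: token -> {"user", "ip", "expires"}
SESSIONS = {}
SESSION_TTL = 60  # seconds; a short lifetime limits how long a leaked key is useful


def create_session(user, client_ip, now=None):
    """Issue a fresh random session key bound to the requesting source IP."""
    now = time.time() if now is None else now
    # Same shape as the X... key seen in IMail URLs, but unguessable random bytes
    token = "X" + secrets.token_hex(12)
    SESSIONS[token] = {"user": user, "ip": client_ip, "expires": now + SESSION_TTL}
    return token


def validate_session(token, client_ip, ignore_source_address=False, now=None):
    """Check a key presented in a URL.

    Returns (user, new_token) when the request is accepted, else (None, None).
    With ignore_source_address=False the key is only honoured from the IP it
    was issued to, which is the workaround the reply describes: it blocks reuse
    of a leaked key from elsewhere, but also rejects a legitimate user whose
    dial-up address changed mid-session. Setting the flag disables that check.
    """
    now = time.time() if now is None else now
    sess = SESSIONS.get(token)
    if sess is None or now > sess["expires"]:
        SESSIONS.pop(token, None)      # unknown or expired key
        return None, None
    if not ignore_source_address and sess["ip"] != client_ip:
        return None, None              # source address mismatch: refuse, keep key intact
    # Rotate on every click: the presented key is retired and a new one is bound
    # to the current source IP, so a key copied from a Referer is already dead.
    SESSIONS.pop(token)
    return sess["user"], create_session(sess["user"], client_ip, now)
```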
