Hi
A vulnerability was reported in SqWebMail. A remote user can obtain a target
user's session ID and hijack the target user's session.
http://www.securitytracker.com/alerts/2003/Nov/1008227.html
IMHO this vulnaribility could not happen when you mark 'remember IP-Address'
when you log into SQWebmail. Is this right?
Is a patch in sight?
Bernd Beining
- [sqwebmail] Re: Session Hijacking in "Sqwebmail" B . Beining
- [sqwebmail] Re: Session Hijacking in "Sqwebmail&... Sam Varshavchik
