Author |
|
Jeff U Groupie
Joined: 16 December 2007 Location: United States
Online Status: Offline Posts: 58
|
Posted: 12 October 2009 at 7:57am | IP Logged
|
|
|
We are seeing something strange. Is it possible (with the correct script) that someone could send emails through webmail without logging in?
|
Back to Top |
|
|
Jeff U Groupie
Joined: 16 December 2007 Location: United States
Online Status: Offline Posts: 58
|
Posted: 12 October 2009 at 7:57am | IP Logged
|
|
|
Forgot to add this is webmail lite PHP.
|
Back to Top |
|
|
Igor AfterLogic Support
Joined: 24 June 2008 Location: United States
Online Status: Offline Posts: 6092
|
Posted: 13 October 2009 at 2:59am | IP Logged
|
|
|
As far as we can tell, the only way to hack into WebMail Lite PHP is to hack the server it's installed on and forge PHP session data. We clearly realize security importance, and we've run a few tests trying to override account validity check, we were unable to reproduce any vulnerability issue.
Our software is monitored by multiple security advisors like Secunia, and we receive alerts once any vulnerability is found. Of course, they are fixed as soon as possible. At the moment, we're unaware of any security issues with either Lite or Pro versions of the product. If you have any information about such, please let us know; we suggest using HelpDesk for this purpose.
--
Regards,
Igor, AfterLogic Support
|
Back to Top |
|
|
Jeff U Groupie
Joined: 16 December 2007 Location: United States
Online Status: Offline Posts: 58
|
Posted: 13 October 2009 at 7:03am | IP Logged
|
|
|
Thanks Igor. We think it was a compromised password that led to the problem. We are continuing to monitor.
|
Back to Top |
|
|