| Author |
|
Jeff U
Groupie
Joined: 16 December 2007
Location: United States
Online Status: Offline
Posts: 58
|
| Posted: 12 October 2009 at 7:57am | IP Logged
|
|
|
We are seeing something strange. Is it possible (with the correct script) that someone could send emails through webmail without logging in?
|
| Back to Top |
|
| |
Jeff U
Groupie
Joined: 16 December 2007
Location: United States
Online Status: Offline
Posts: 58
|
| Posted: 12 October 2009 at 7:57am | IP Logged
|
|
|
Forgot to add this is webmail lite PHP.
|
| Back to Top |
|
| |
Igor
AfterLogic Support
Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6092
|
| Posted: 13 October 2009 at 2:59am | IP Logged
|
|
|
As far as we can tell, the only way to hack into WebMail Lite PHP is to hack the server it's installed on and forge PHP session data. We clearly realize security importance, and we've run a few tests trying to override account validity check, we were unable to reproduce any vulnerability issue.
Our software is monitored by multiple security advisors like Secunia, and we receive alerts once any vulnerability is found. Of course, they are fixed as soon as possible. At the moment, we're unaware of any security issues with either Lite or Pro versions of the product. If you have any information about such, please let us know; we suggest using HelpDesk for this purpose.
--
Regards,
Igor, AfterLogic Support
|
| Back to Top |
|
| |
Jeff U
Groupie
Joined: 16 December 2007
Location: United States
Online Status: Offline
Posts: 58
|
| Posted: 13 October 2009 at 7:03am | IP Logged
|
|
|
Thanks Igor. We think it was a compromised password that led to the problem. We are continuing to monitor.
|
| Back to Top |
|
| |
MailBee.NET Objects 
MailBee.NET Queue 
MailBee Objects 
WebMail Pro PHP 
AfterLogic Aurora 
MailSuite Pro for Linux 
Unified Messaging Solution 
Search
Register
Login
Topic: Webmail hackable?
Privacy policy |
Refund policy