Submitted by kato on Sun, 04/05/2009 - 00:02
Hi,
I logged into web mail (sitename:20000) and saw a bunch of email that didn't look like mine.
After a short investigation, I determined I was viewing another user's account who is on the system. Since I don't know that user's login/pass, I'm certain I didn't enter the wrong login.
This seems like a fairly large security hole, so I felt a need to report it. Unfortunately I couldn't determine the cause or reproduce it again. Yarr...
I did note that the user logged in to check his account via IMAP at appx the same time I logged in through webmin. So that's at least one clue. No other useful logs.
Hope this helps.
Status:
Closed (fixed)