Web mail showed wrong account


I logged into web mail (sitename:20000) and saw a bunch of email that didn't look like mine.

After a short investigation, I determined I was viewing another user's account who is on the system. Since I don't know that user's login/pass, I'm certain I didn't enter the wrong login.

This seems like a fairly large security hole, so I felt a need to report it. Unfortunately I couldn't determine the cause or reproduce it again. Yarr...

I did note that the user logged in to check his account via IMAP at appx the same time I logged in through webmin. So that's at least one clue. No other useful logs.

Hope this helps.

Closed (fixed)