It is a fault of Imail in that they do not properly use cookies to authenticate 
the session. They either use the URL or the IP address. 

IP address too secure, URL not secure, cookies good compromise.


Kevin Bilbee

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:Imail_Forum-
> [EMAIL PROTECTED] On Behalf Of Mike N
> Sent: Wednesday, August 09, 2006 1:59 PM
> To: Imail_Forum@list.ipswitch.com
> Subject: Re: [IMail Forum] I can read someone else's Imail account from
> my blog link
> 
> 
> http://support.ipswitch.com/kb/IM-19981216-CK02.htm
> 
>    It's a security hole, but not a fault of Imail.   If the ISP has any
> customers on AOL, they have been forced to turn on the "Ignore Source
> Address in Security Check" feature.
> 
>    You might inform the woman about forwarding E-mail links, or logging
> out of her account after forwarding.
> 
> 
> ----- Original Message -----
> > This was weird. I checked my Wordpress referrer links today and one of
> > them was from a mail.domainname.com account. I clicked the link and it
> > took me into this woman's Imail message. Apparently, someone had
> > forwarded my blog entry to her in an email, and she clicked the link
> > to pass through to my site. With another click on the Menu option, I
> > was into her entire IMail account. I can see she has 18 messages,
> > using 5MB of disk space, etc.
> >
> > Is this an Imail security hole? (it looks like it might be 8.5)
> >
> > Did the ISP screw up when they installed this?
> >
> > Do I alert them?
> 
> To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
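
The three session bindings compared in this thread (URL token alone, URL token plus source address, cookie), modelled as an added example; it is not part of the original messages and not IMail's code. All function names, tokens and addresses are constructed for illustration.

```python
import secrets

SESSIONS = {}  # token -> {"user": ..., "ip": ...} (in-memory, example only)

def login(user, ip):
    """Create a session and return its token."""
    token = secrets.token_urlsafe(16)
    SESSIONS[token] = {"user": user, "ip": ip}
    return token

def check_url_only(req):
    # Token carried in the URL, source address ignored.
    return req.get("url_token") in SESSIONS

def check_url_and_ip(req):
    # Token carried in the URL, request must come from the login address.
    s = SESSIONS.get(req.get("url_token"))
    return s is not None and s["ip"] == req["ip"]

def check_cookie(req):
    # Token carried only in a cookie; the URL holds nothing secret.
    return req.get("cookie_token") in SESSIONS

def simulate():
    """Run three constructed requests through each policy."""
    token = login("alice", "198.51.100.10")
    requests = {
        # Account owner, same address as at login.
        "owner_same_ip": {"ip": "198.51.100.10", "url_token": token,
                          "cookie_token": token},
        # Account owner behind a proxy pool: address changes mid-session.
        "owner_proxy_ip": {"ip": "198.51.100.77", "url_token": token,
                           "cookie_token": token},
        # Third party who received the page URL in a Referer header.
        # The URL token travels with the link; the cookie does not.
        "referer_replay": {"ip": "203.0.113.5", "url_token": token,
                           "cookie_token": None},
    }
    policies = {"url_only": check_url_only,
                "url_and_ip": check_url_and_ip,
                "cookie": check_cookie}
    return {p: {name: fn(req) for name, req in requests.items()}
            for p, fn in policies.items()}

if __name__ == "__main__":
    for policy, outcome in simulate().items():
        print(policy, outcome)
```

Only the cookie policy accepts both owner requests while rejecting the replayed link; the URL-only policy accepts all three, and the address-bound policy rejects the owner once the proxy address changes.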


