John, I see in the version 7.1 help file:

    6. Turn on Ignore source address in security check if you want the web server to ignore the IP address that requested the page. This can be useful with some firewalls and with service providers that use dynamic IP addresses (such as America Online). (Normally, the web server checks the IP address that requested the page against the IP address from which the user logged on.)

Does this mean to leave it unchecked to stop the hole? If I check the box, isn't it supposed to ignore the IP address? So leaving it unchecked would force the security check, right? Maybe they should say "Place a checkmark in the box" to disable the security check and to keep AOL customers happy? Is there any way to force a cookie dump via CGI script to one of the templates that would hopefully disable the hole? Or rather 'flaw'.

~Rick

John Tolmachoff wrote:
> I had previously had a user for whom Ipswitch said to uncheck that box to
> allow him to connect, being that he was on Starband.
>
> Now that this has been confirmed to be a security hole, I am checking
> that box and resubmitting this incident to Ipswitch.
>
> They better come up with a fix soon.
>
> John Tolmachoff
> IT Manager, Network Engineer
> RelianceSoft, Inc.
> Fullerton, CA 92835
> www.reliancesoft.com
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Stein Langlie
> Sent: Friday, June 14, 2002 9:11 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [IMail Forum] Possible security flaw
>
> I have replicated this issue. This is exactly the type of scenario that
> I am concerned about. The referrer the guy was talking about was put
> into his web log because someone was in your webmail and clicked on a
> link. Since the person was still logged in (and you have "check source
> ip" unchecked) the IMail URL the user was at could be used to enter that
> user's e-mail session. Scary stuff.
>
> I don't want to alienate AOL users or other users who have IP address
> changes from page to page - but perhaps I shouldn't worry about them and
> just check the magic "check source ip" box. Fortunately, the potential
> for abuse lies primarily with network admins (the good guys), and not
> spammers (bad guys).
>
> Cheers,
> Stein Langlie
>
> ---------- Original Message ----------------------------------
> From: "florida.com" <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> Date: Fri, 14 Jun 2002 09:50:57 -0400
>
>> Just got this email from a guy (see below):
>>
>> I could not reproduce as I don't have the same software on my server to
>> readily access my referrers.
>> Maybe someone can reproduce this?
>>
>> ---------------------------------------------------------------------------------------
>>
>>> Dear Sir,
>>>
>>> When checking the incoming referrers from my website, I noticed that I
>>> could get in one of your customers' e-mail box:
>>>
>>> http://email.florida.com:8383/Xaf34c89b9bc9cfcc98e81bcf27/button.cgi
>>
>> (session expired already, dk)
>>
>>> Sincerely,
>>>
>>> David Kaleky

___________________________________________________________________
Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.
Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list.
An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Please visit the Knowledge Base for answers to frequently asked questions: http://www.ipswitch.com/support/IMail/
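The scenario the thread describes, as an added example that is not code from Ipswitch, IMail or any poster: a scan of a constructed web-server log for Referer values whose URL path carries an IMail-style session token (what David Kaleky found in his referrers), and a toy session table showing what the source-address check changes when such a URL is replayed from another host. The token pattern (an X followed by hex digits, generalised from the one sample URL), the log lines, the IP addresses and the timeout are assumptions for illustration, not IMail's actual format or behaviour.

```python
"""Added example, not IMail/Ipswitch code: how a session token in the URL path
leaks through the Referer header, and what the source-address check changes."""
import re
import secrets
from dataclasses import dataclass

# Assumption: the thread's one sample URL is /X<26 hex chars>/button.cgi, so an
# IMail-style token is modelled here as 'X' followed by 20 or more hex digits.
SESSION_URL_RE = re.compile(r"https?://(?P<host>[^/\s]+)/(?P<sid>X[0-9a-f]{20,})/")

# In Apache combined log format the Referer is the quoted field that follows
# the request line, status code and response size.
REFERER_FIELD_RE = re.compile(r'"[^"]*" \d{3} \S+ "(?P<ref>[^"]*)"')

# Constructed log lines for a third-party site; addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Jun/2002:09:11:02 -0400] "GET /page.html HTTP/1.0" 200 512 "http://email.florida.com:8383/Xaf34c89b9bc9cfcc98e81bcf27/button.cgi" "Mozilla/4.0"
198.51.100.9 - - [14/Jun/2002:09:12:44 -0400] "GET /index.html HTTP/1.0" 200 2048 "http://www.example.org/" "Mozilla/4.0"
203.0.113.7 - - [14/Jun/2002:09:15:10 -0400] "GET /page2.html HTTP/1.0" 200 300 "-" "Mozilla/4.0"
"""


def find_leaked_sessions(log_text):
    """Return (host, session_id) for every Referer whose URL path carries a session token.

    This is what the site operator in the thread saw: a webmail user clicked an
    external link, and the browser sent the session URL as the Referer."""
    leaks = []
    for line in log_text.splitlines():
        field = REFERER_FIELD_RE.search(line)
        if not field:
            continue
        hit = SESSION_URL_RE.match(field.group("ref"))
        if hit:
            leaks.append((hit.group("host"), hit.group("sid")))
    return leaks


@dataclass
class Session:
    login_ip: str
    created: float


class WebmailSessions:
    """Toy session table keyed by the URL token; models the 'Ignore source address' option."""

    def __init__(self, ignore_source_address=False, ttl=600):
        self.ignore_source_address = ignore_source_address
        self.ttl = ttl  # assumed lifetime in seconds since login, for illustration
        self._sessions = {}

    def login(self, client_ip, now):
        sid = "X" + secrets.token_hex(13)  # 26 hex chars, like the sample URL
        self._sessions[sid] = Session(client_ip, now)
        return sid

    def authorize(self, sid, client_ip, now):
        s = self._sessions.get(sid)
        if s is None or now - s.created > self.ttl:
            return False  # unknown or expired token ("session expired already")
        if self.ignore_source_address:
            return True  # box checked: whoever holds the URL gets the session
        return client_ip == s.login_ip  # box unchecked: request must come from the login IP


def replay_from_referer(ignore_source_address):
    """Victim logs in; a third party replays the leaked URL from another address.

    Returns (victim_ok, replay_ok, replay_after_expiry_ok)."""
    table = WebmailSessions(ignore_source_address=ignore_source_address, ttl=600)
    sid = table.login("203.0.113.7", now=0)
    victim_ok = table.authorize(sid, "203.0.113.7", now=30)
    replay_ok = table.authorize(sid, "198.51.100.9", now=60)
    replay_after_expiry_ok = table.authorize(sid, "198.51.100.9", now=1000)
    return victim_ok, replay_ok, replay_after_expiry_ok


if __name__ == "__main__":
    print(find_leaked_sessions(SAMPLE_LOG))
    print("ignore source address:", replay_from_referer(True))
    print("check source address: ", replay_from_referer(False))
```

With the check enabled, the replay from a second address fails while the original user continues to work; with it disabled, anyone who reads the Referer gets the session until it expires. The check only helps when the replaying host is on a different address than the victim, and it breaks users whose address changes between pages, which is exactly the AOL trade-off the thread is weighing.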
