+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Development Area (/forum-1.html)
+--- Forum: Security Advisories (/forum-7.html)
+--- Thread: [solved] Security Problem detected (/thread-1178.html)
[solved] Security Problem detected - joximu - 08-18-2007 02:21 AM
Hi
Platzwart had a problem on his server and mentioned that this could be a security issue:
A customer can add a domain-alias, eg. gmx.net
Then he adds an emailaddress for this domain: all@gmx.net
and then he can add a catchall for gmx.net to go into this new mailbox.
Well - all mails to gmx.net which are sent over this server (webmail, smtp...) will go to the customers account.
I checked this and got an email to djkherjkghekj@gmx.net to my web.de account...
This is *not really* good.... (better: this is really not good)
What are others thinking about (besides opening a ticket)...
http://www.isp-control.net/ispcp/ticket/573
/Joximu
RE: Security Problem detected - MicCo - 09-05-2007 03:57 PM
Hmmm, if I got it right,
- then what you are saying is that one of more users on an server can make an catcall e-mail address, and then recive e-mails from other users account ! ?.
This will be an very serious security issue, I will have serious problems as lots of my users are medical companies, dealing with a lot of money, so if an e-mail can be snapped by others, then the hosting ain't secure and an host can get in rearl trouble.