Author Topic: Multiple accounts w/ multiple tabs (Read 3129 times)

w7 · « **on:** July 26, 2007, 02:30:14 AM »

Reporting a (small?) security issue:

Open two accounts in RC in two different browser tabs (IE7 here). You'll find RC gets confused and assumes the most recently opened account for both.

Say, open user Ua in tab Ta, then open user Ub in tab Tb. Admiter Ub's inbox, then return to Ta. Obvisously, Ua's inbox is still on display, but when you refresh the inbox (or do other things such as acessing Personal Preferences), tab Ta now shows user Ub's data.

I am not sure how serious this security breach is, given that I had permission to open both accounts in the first place, but it just doesn't seem right.

Florianer · « **Reply #1 on:** July 26, 2007, 02:51:45 AM »

I like to go one step further. I you now not logging out correctly, it can be, that RC hangs up internally and you can not log in to any of this both accounts. You have now to reset the entries in the database manually. This problem is also under Mozilla/Firefox 2.

SKaero · « **Reply #2 on:** July 26, 2007, 03:10:48 AM »

Quote from: Florianer

I like to go one step further. I you now not logging out correctly, it can be, that RC hangs up internally and you can not log in to any of this both accounts. You have now to reset the entries in the database manually. This problem is also under Mozilla/Firefox 2.

I have this happen a lot, because it also happen when a connection to the mail sever fails I posted the problem here: http://roundcubeforum.net/forum/index.php?topic=1853.0

Author Topic: Multiple accounts w/ multiple tabs (Read 3129 times)

w7

Multiple accounts w/ multiple tabs

Florianer

Re: Multiple accounts w/ multiple tabs

SKaero

Re: Multiple accounts w/ multiple tabs