Roundcube Community Forum

 

Multiple accounts w/ multiple tabs

Started by w7, July 26, 2007, 02:30:14 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

w7

July 26, 2007, 02:30:14 AM
Reporting a (small?) security issue:

Open two accounts in RC in two different browser tabs (IE7 here). You'll find RC gets confused and assumes the most recently opened account for both.

Say, open user Ua in tab Ta, then open user Ub in tab Tb. Admiter Ub's inbox, then return to Ta. Obvisously, Ua's inbox is still on display, but when you refresh the inbox (or do other things such as acessing Personal Preferences), tab Ta now shows user Ub's data.

I am not sure how serious this security breach is, given that I had permission to open both accounts in the first place, but it just doesn't seem right.

Florianer

#1
July 26, 2007, 02:51:45 AM
I like to go one step further. I you now not logging out correctly, it can be, that RC hangs up internally and you can not log in to any of this both accounts. You have now to reset the entries in the database manually. This problem is also under Mozilla/Firefox 2.
it\'s not a bug - it\'s a feature

SKaero

#2
July 26, 2007, 03:10:48 AM
Quote from: Florianer I like to go one step further. I you now not logging out correctly, it can be, that RC hangs up internally and you can not log in to any of this both accounts. You have now to reset the entries in the database manually. This problem is also under Mozilla/Firefox 2.
I have this happen a lot, because it also happen when a connection to the mail sever fails I posted the problem here: http://roundcubeforum.net/forum/index.php?topic=1853.0
Print
Go Up Pages1
User actions