Roundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords (thehackernews.com)
from atzanteol@sh.itjust.works to selfhosted@lemmy.world on 08 Aug 2024 05:00
https://sh.itjust.works/post/23379303

If you’re self hosting roundcube be sure to update.

#selfhosted

threaded - newest

cheddar@programming.dev on 08 Aug 2024 08:44 next collapse

I’m not surprised. A cube can’t be round. That’s an obvious design flaw.

shadowbert@lemmy.world on 10 Aug 2024 09:41 collapse

It’s only if you view a specifically crafted email in the web client… still worth upgrading of course.

atzanteol@sh.itjust.works on 10 Aug 2024 12:08 collapse

Only? “Viewing emails in a web browser” is the entire point of roundcube. It’s trivial to send out millions of “specially created emails” looking for a victim.

shadowbert@lemmy.world on 10 Aug 2024 12:52 collapse

True, but it presumably would still require the user to open them.

But, I was mostly worried that just having the server installed would be enough.