Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then compose an e-mail message, related to a "login CSRF" issue.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Roundcube Webmail登录表单敏感信息泄露漏洞
Vulnerability Description
RoundCube Webmail是一款基于浏览器的IMAP客户端(邮件客户端),它支持地址薄管理、信息搜索、拼写检查等。 Roundcube Webmail 0.5.1之前版本中的登录表单没有正确处理认证,而是进行了意外的登陆尝试。远程认证用户可以通过安排受害者登录攻击者的账户并构成电子邮件信息,从而获取敏感信息。该漏洞与“登录CSRF”问题有关。
CVSS Information
N/A
Vulnerability Type
N/A