atzanteoltoSelfhosted@lemmy.worldEnglish·2 months agoRoundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords(thehackernews.com)external-linkarrow-up194arrow-down10message-square4file-textfedilink
arrow-up194arrow-down1external-linkRoundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords(thehackernews.com)atzanteoltoSelfhosted@lemmy.worldEnglish·2 months agomessage-square4file-textfedilink
minus-squareshadowbertEnglisharrow-up2arrow-down0·2 months agolinkfedilinkIt’s only if you view a specifically crafted email in the web client… still worth upgrading of course.
minus-squareatzanteolOPEnglisharrow-up6arrow-down0·2 months agolinkfedilinkOnly? “Viewing emails in a web browser” is the entire point of roundcube. It’s trivial to send out millions of “specially created emails” looking for a victim.
minus-squareshadowbertEnglisharrow-up3arrow-down0·2 months agolinkfedilinkTrue, but it presumably would still require the user to open them. But, I was mostly worried that just having the server installed would be enough.
It’s only if you view a specifically crafted email in the web client… still worth upgrading of course.
Only? “Viewing emails in a web browser” is the entire point of roundcube. It’s trivial to send out millions of “specially created emails” looking for a victim.
True, but it presumably would still require the user to open them.
But, I was mostly worried that just having the server installed would be enough.