atzanteol@sh.itjust.works to Selfhosted@lemmy.worldEnglish · 4 months agoRoundcube Webmail Flaws Allow Hackers to Steal Emails and Passwordsthehackernews.comexternal-linkmessage-square3fedilinkarrow-up193arrow-down12file-text
arrow-up191arrow-down1external-linkRoundcube Webmail Flaws Allow Hackers to Steal Emails and Passwordsthehackernews.comatzanteol@sh.itjust.works to Selfhosted@lemmy.worldEnglish · 4 months agomessage-square3fedilinkfile-text
minus-squareshadowbert@lemmy.worldlinkfedilinkEnglisharrow-up2·4 months agoIt’s only if you view a specifically crafted email in the web client… still worth upgrading of course.
minus-squareatzanteol@sh.itjust.worksOPlinkfedilinkEnglisharrow-up6·4 months agoOnly? “Viewing emails in a web browser” is the entire point of roundcube. It’s trivial to send out millions of “specially created emails” looking for a victim.
minus-squareshadowbert@lemmy.worldlinkfedilinkEnglisharrow-up3·4 months agoTrue, but it presumably would still require the user to open them. But, I was mostly worried that just having the server installed would be enough.
It’s only if you view a specifically crafted email in the web client… still worth upgrading of course.
Only? “Viewing emails in a web browser” is the entire point of roundcube. It’s trivial to send out millions of “specially created emails” looking for a victim.
True, but it presumably would still require the user to open them.
But, I was mostly worried that just having the server installed would be enough.