Email Vulnerability in Ensim WEBppliance 3.0 - 3.1

Is there a way to disable this so-called "feature"? It has to do with the email alias feature given to site X users in the user admin panel. The email alias feature intercepts email to actual POPs if they are named the same.

So if I know you're bob at domain.com and I am on domain.com with a valid user account, I can intercept your email.

http://securitytracker.com/alerts/2002/Aug/1004938.html

http://www.ensim.com/ubb/Forum11/HTML/000248.html

This is a definite issue if users can hijack other known users' email.

Thanks