Bugtraq mailing list archives
Re: Accounts easily compromised on Critical Path web mail service, CP does not respond after 30 days.
From: Michael Serbinis <ms () CP NET>
Date: Fri, 25 Aug 2000 22:13:41 -0000
It was recently reported on Bugtraq that a loophole was found in Critical Path's Webmail product. Upon identifying this bug, Critical Path's team quickly developed and implemented a bug fix. Action was taken immediately and the patch was rolled into production after the proper quality assurance reviews were conducted. Critical Path has now modified the way cookies are used in its Webmail product, improving security for all its customers. Cookies will change every time a user logs in, being session specific. All sessions initiated with out-of-date or invalid cookies will be ignored. In addition, the web mail software escapes html/script entities to prevent malicious code from affecting user security. None of Critical Path's customers experienced any impact from this bug. The fact remains that security will continue to be an ongoing challenge for any company on or associated with the Internet. Critical Path will continue to maintain the high security standards that its customers expect.
Current thread:
- Accounts easily compromised on Critical Path web mail service, CP does not respond after 30 days. Jeffrey W. Baker (Aug 22)
- Re: Accounts easily compromised on Critical Path web mail service, CP does not respond after 30 days. Michael Serbinis (Aug 25)
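The two controls named in the reply above (a cookie that changes at every login with stale cookies ignored, and escaping of HTML/script entities), sketched as an added example; this is not Critical Path's code. The class, function and user names are hypothetical, and the session table is an in-memory stand-in for a real store.

```python
import hashlib
import html
import secrets


def _digest(token):
    # Store only a hash so a leaked session table does not yield usable cookies.
    return hashlib.sha256(token.encode("utf-8", "replace")).hexdigest()


class SessionStore:
    """Hypothetical in-memory session table; one live session per user."""

    def __init__(self):
        self._by_digest = {}  # sha256(token) -> user
        self._by_user = {}    # user -> sha256(current token)

    def login(self, user):
        # Revoke whatever cookie the user held before, then mint a fresh one.
        old = self._by_user.pop(user, None)
        if old is not None:
            self._by_digest.pop(old, None)
        token = secrets.token_urlsafe(32)
        self._by_user[user] = _digest(token)
        self._by_digest[_digest(token)] = user
        return token

    def user_for(self, cookie):
        # Out-of-date, unknown or malformed cookies map to no session at all.
        if not isinstance(cookie, str) or not cookie:
            return None
        return self._by_digest.get(_digest(cookie))


def render_subject(subject):
    # Escape message-controlled text before it is placed into the page.
    return '<td class="subject">' + html.escape(subject, quote=True) + "</td>"


if __name__ == "__main__":
    store = SessionStore()
    first = store.login("alice")    # constructed user name
    second = store.login("alice")   # next login replaces the cookie
    print(store.user_for(first))    # cookie from the earlier session
    print(store.user_for(second))   # cookie from the current session
    print(render_subject("<script>document.cookie</script>"))
```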