Webmail Security Issue

Discussion in 'Security' started by edfortmiller, Jan 8, 2004.

  1. edfortmiller

    edfortmiller Registered

    If I do http://domain.com/webmail I get prompted for a name and password and then get dispatched to: http://domain.com:2095/ which tells me I'm logged in and gives me the choice of 3 webmail applications. I choose SquirrelMail and do my thing. I then hit SignOut and I get told that I've successfully signed out.

    But I'm not really signed out. If I were at a Public Terminal all a person behind me would have to do is come and hit the browser back button twice and they are back at my cPanel Email management window fully logged in and where they could get at my email or even forward my email using the Forward Options. In fact short of killing the browser off and restarting it you appear to always be logged in. If you are at a public terminal there most likely is not a way to kill the browser off. Even if I close the browser window and come back and do http://domain.com/webmail I'm still logged in.

    To me this is a major security issue and would prevent me from using webmail to access my mail while at a public terminal where I cannot kill and restart the browser.

    Is there a solution or a workaround for this webmail security problem?
     
  2. majidalam

    majidalam Registered

    I am also looking for a solution for this.
    Any help highly appreciated.
    Chao
     
  3. cortices

    cortices Well-Known Member

    Older versions of Mozilla had problems recognizing a logout. However, closing the browser *always* logged me out, no matter what. Make sure that the browser is actually closed. That means *all* the browser windows and associated programs.
     
  4. majidalam

    majidalam Registered

  5. majidalam

    majidalam Registered

    NeoMail also has the same flaw: when you press back after logout, it shows all emails.

    Anybody help

    Chao!
     
  6. edfortmiller

    edfortmiller Registered

    I tried this with Internet Explorer and the problem exists with that also.

    The issue is when using a browser at a public location there usually is no way to close the browser down and restart it which means there is a SERIOUS SECURITY PROBLEM.

    In the meantime it looks like the only solution to this security problem is to forward email to a Yahoo account (or other service) when traveling which allows one to log out without requiring the browser to be killed off.

    A way to log off of the cPanel Mail Management window needs to be implemented.
     
  7. cortices

    cortices Well-Known Member

    Yeah, that's a good point I hadn't considered. I was surprised to find that Webmail did not have a logout link. I wonder if such a script exists, just not linked inside the theme?
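
Added example, not part of the original thread and not cPanel's code: a minimal WSGI app showing what a sign-out has to do on the server so that the back button or a reopened URL no longer reaches the mail pages. It assumes a cookie-based session (the thread does not say how webmail authenticates); the cookie name `sid`, the paths and the `request` helper are hypothetical.

```python
import secrets
from http.cookies import SimpleCookie

# Assumed design: server-side session table, token -> username.
SESSIONS = {}
# Forbid the browser from keeping authenticated pages for "Back".
NO_STORE = [("Cache-Control", "no-store"), ("Pragma", "no-cache")]

def login(user):
    """Create a session after credentials were checked (check omitted here)."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = user
    return token

def app(environ, start_response):
    cookie = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    token = cookie["sid"].value if "sid" in cookie else None
    path = environ.get("PATH_INFO", "/")
    if path == "/logout":
        # Destroy the session on the server; clearing the cookie alone
        # would leave a replayed or still-cached token valid.
        SESSIONS.pop(token, None)
        expire = ("Set-Cookie", "sid=; Max-Age=0; Path=/; HttpOnly; Secure")
        start_response("303 See Other", NO_STORE + [("Location", "/login"), expire])
        return [b""]
    user = SESSIONS.get(token)
    if user is None:
        # Unknown or invalidated token: never render mail data.
        start_response("303 See Other", NO_STORE + [("Location", "/login")])
        return [b""]
    # Authenticated page, marked non-cacheable.
    start_response("200 OK", NO_STORE + [("Content-Type", "text/plain")])
    return [f"mail management for {user}".encode()]

def request(path, token=None):
    """Hypothetical helper: drive the app like a browser sending the cookie."""
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    if token:
        environ["HTTP_COOKIE"] = f"sid={token}"
    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body

if __name__ == "__main__":
    t = login("ed")                      # constructed sample user
    print(request("/mail", t)[0])        # logged in
    request("/logout", t)
    print(request("/mail", t)[0])        # same cookie replayed after sign-out
```

If the login prompt is HTTP Basic authentication rather than a cookie session, the browser itself caches the credentials and there is no server-side session to destroy, which matches the "only closing the browser logs me out" behaviour reported above.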
     