FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

roundcube -- arbitrary password resets

Affected packages
roundcube < 1.2.5,1

Details

VuXML ID bce47c89-4d3f-11e7-8080-a4badb2f4699
Discovery 2017-04-28
Entry 2017-06-09

Roundcube reports:

Roundcube Webmail allows arbitrary password resets by authenticated users. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.

[source]

References

CVE Name CVE-2017-8114
URL https://roundcube.net/news/2017/04/28/security-updates-1.2.5-1.1.9-and-1.0.11

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.