[RCU] Security issue (possible?) (was: RE: Unknown user in users table, very odd, possible security hole)

Computerisms Corporation bob at computerisms.ca
Fri Feb 9 18:12:46 CET 2018


Did you check if there is a matching logon on your IMAP server?  Maybe 
enable password logging if you can and log in as his user and see what 
he sees?  Did you confirm that your Roundcube is configured to use the 
correct IMAP server?

On 2018-02-09 01:33 AM, Jorge Bastos wrote:
> Ok, another login just right now:
> 
> Feb  9 09:25:41 fastweb roundcube: <sm6djv7v> Successful login for 
> donny at adhigunaputera.com (ID: 100412) from 110.136.11.0 in session 
> sm6djv7vh6oplo694nff7ng2rp
> 
> Alec, can you help debugging this?
> 
> *From:*users-bounces at lists.roundcube.net 
> [mailto:users-bounces at lists.roundcube.net] *On Behalf Of *Jorge Bastos
> *Sent:* 9 de fevereiro de 2018 09:18
> *To:* 'Roundcube Users mailing list' <users at lists.roundcube.net>
> *Subject:* [RCU] Security issue (possible?) (was: RE: Unknown user in 
> users table, very odd, possible security hole)
> 
> ALEC!!!!!!!
> 
> There’s some security problem in RC I believe!
> 
> Check this:
> 
> Feb  9 01:46:44 fastweb roundcube: <ibj96bvb> Successful login for 
> donny at adhigunaputera.com (ID: 100412) 
> from 110.136.11.0 in session ibj96bvbj5akqlt5slpc47ikfb
> 
> This user doesn’t belong to any of the IMAP accounts, how was he able to 
> login?
> 
> After the login, there’s some login failed lines:
> 
> Feb  9 02:47:27 fastweb roundcube: <ibj96bvb> IMAP Error: Login failed 
> for donny at adhigunaputera.com from 
> 110.136.11.0. Empty startup greeting (mail.adhigunaputera.com:143) in 
> /home/hosting/dhosting.pt/webmail/program/lib/Roundcube/rcube_imap.php 
> on line 196 (POST /webmail/?_task=mail&_action=refresh)
> 
> Feb  9 02:48:37 fastweb roundcube: <ibj96bvb> IMAP Error: Login failed 
> for donny at adhigunaputera.com from 
> 110.136.11.0. Empty startup greeting (mail.adhigunaputera.com:143) in 
> /home/hosting/dhosting.pt/webmail/program/lib/Roundcube/rcube_imap.php 
> on line 196 (POST /webmail/?_task=mail&_action=refresh)
> 
> Feb  9 02:49:47 fastweb roundcube: <ibj96bvb> IMAP Error: Login failed 
> for donny at adhigunaputera.com from 
> 110.136.11.0. Empty startup greeting (mail.adhigunaputera.com:143) in 
> /home/hosting/dhosting.pt/webmail/program/lib/Roundcube/rcube_imap.php 
> on line 196 (POST /webmail/?_task=mail&_action=refresh
> 
> (funny the IP is the network IP)
> 
> What’s the best place to move forward with investigation with this 
> issue, here or dev list?
> 
> Could you assist me on this?
> 
> Thank you in advance,
> 
> *From:*users-bounces at lists.roundcube.net 
> [mailto:users-bounces at lists.roundcube.net] *On Behalf Of *Hannu Hirvonen
> *Sent:* 8 de fevereiro de 2018 20:43
> *To:* users at lists.roundcube.net
> *Subject:* Re: [RCU] Unknown user in users table, very odd, possible 
> security hole
> 
> On 08.02.2018 22:34, Jorge Bastos wrote:
> 
>     Not in there, but you reminded me of:
> 
>     // Log successful/failed logins to <log_dir>/userlogins or to syslog
> 
> That's why I said "something like ...", might have been a bit clearer, 
> of course :-)
> 
> -- 
> 
>    Hannu Hirvonen (hh at uwasa.fi, http://www.uwasa.fi/~hh/)
> 
>    Computer Centre, University of Vaasa, BOX 700, FI-65101 VAASA, Finland
> 
> 
> 
> 
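
An added example, not part of the original thread: a small audit of the Roundcube log format quoted above that flags successful logins for mailbox domains you do not host and IMAP errors naming a server other than your own, which are the two things the reply asks to check. `LOCAL_DOMAINS`, `IMAP_HOSTS` and the third sample line are constructed placeholders; the matcher accepts both `@` and the archive's ` at ` spelling of addresses.

```python
import re

# Assumptions (placeholders): the domains and IMAP hosts this webmail should serve.
LOCAL_DOMAINS = {"example.org"}
IMAP_HOSTS = {"localhost"}

# First two lines follow the thread's quoted log; the third is constructed.
SAMPLE_LOG = """\
Feb  9 01:46:44 fastweb roundcube: <ibj96bvb> Successful login for donny at adhigunaputera.com (ID: 100412) from 110.136.11.0 in session ibj96bvbj5akqlt5slpc47ikfb
Feb  9 02:47:27 fastweb roundcube: <ibj96bvb> IMAP Error: Login failed for donny at adhigunaputera.com from 110.136.11.0. Empty startup greeting (mail.adhigunaputera.com:143) in /home/hosting/dhosting.pt/webmail/program/lib/Roundcube/rcube_imap.php on line 196 (POST /webmail/?_task=mail&_action=refresh)
Feb  9 03:02:10 fastweb roundcube: <k2aa91xz> Successful login for alice@example.org (ID: 17) from 192.0.2.10 in session k2aa91xzconstructed
"""

LOGIN_RE = re.compile(
    r"<(?P<sid>\w+)> Successful login for (?P<user>\S+)(?:@| at )(?P<domain>\S+) "
    r"\(ID: (?P<id>\d+)\) from (?P<ip>\S+)")
# The first "(host:port)" after "IMAP Error:" is the server Roundcube tried to reach.
IMAP_RE = re.compile(
    r"<(?P<sid>\w+)> IMAP Error: .*?\((?P<host>[\w.-]+):(?P<port>\d+)\)")

def audit(log_text, local_domains, imap_hosts):
    """Return (kind, session_prefix, subject, client_ip) tuples worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if m and m["domain"].lower() not in local_domains:
            # A login succeeded for a mailbox domain this server does not host.
            findings.append(("foreign_login", m["sid"],
                             f'{m["user"]}@{m["domain"]}', m["ip"]))
        m = IMAP_RE.search(line)
        if m and m["host"].lower() not in imap_hosts:
            # Roundcube talked to an IMAP server outside the allowlist.
            findings.append(("foreign_imap_host", m["sid"],
                             f'{m["host"]}:{m["port"]}', None))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, LOCAL_DOMAINS, IMAP_HOSTS):
        print(finding)
```

Findings that share a session prefix tie a login to the IMAP server that session was using, which is the pairing to compare against the configured IMAP host.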

