imap authentication plugin 0.6
Monday, December 5th, 2005Mark Quinn pointed out back in August, that the imap authentication plugin suffered from a rather serious security risk. If you knew that a site was using it, you could create cookie that would let you in without having to know a user’s real password. (You did have to know a valid user’s account name). […]