extman -- password bypass vulnerability

2008-04-01T00:00:00
ID 44C8694A-12F9-11DD-9B26-001C2514716C
Type freebsd
Reporter FreeBSD
Modified 2008-04-01T00:00:00

Description

Extmail team reports:

Emergency update #4 fixes a serious security vulnerability.

Successful exploit of this vulnerability would allow attacker to change user's password without knowing it by using specifically crafted HTTP request.