roundcube -- arbitrary password resets

2017-04-28T00:00:00
ID BCE47C89-4D3F-11E7-8080-A4BADB2F4699
Type freebsd
Reporter FreeBSD
Modified 2017-04-28T00:00:00

Description

Roundcube reports:

Roundcube Webmail allows arbitrary password resets by authenticated users. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.