
TUT.by noticed and closed the hole in the mail

3 days after security issues in the Tut.by mail service were reported, the flaw was fixed. The previously existing ability to move arbitrary messages of any user to the trash no longer works.

Because the mail service of the Belarusian portal TUT.by did not verify a user's authorization when marking messages as spam, the link mail.tut.by/cgi-bin/go.cgi?address=X&folder=INBOX&server=mail.tut.by&messages=Y could be used to move any user's messages to the trash.
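The missing check described above, sketched as an added example (not TUT.by's code): a handler that trusts the address parameter next to one that compares it with the mailbox owner of the authenticated session. The mailboxes, session table, function names and the comma-separated format of messages are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed sample data (not TUT.by's): two mailboxes and one logged-in session.
MAILBOXES = {
    "alice@example.test": {"INBOX": {"101", "102"}, "Trash": set()},
    "bob@example.test": {"INBOX": {"201"}, "Trash": set()},
}
SESSIONS = {"sess-alice": "alice@example.test"}


def parse_request(url):
    """Read address, folder and messages from the query string."""
    q = parse_qs(urlsplit(url).query)
    ids = q.get("messages", [""])[0].split(",")  # comma-separated ids: assumption
    return q.get("address", [""])[0], q.get("folder", [""])[0], ids


def move_to_trash(address, folder, ids):
    """Move the listed messages from folder to Trash; return the ids moved."""
    box = MAILBOXES.get(address, {})
    moved = box.get(folder, set()) & set(ids)
    if moved:
        box[folder] -= moved
        box["Trash"] |= moved
    return sorted(moved)


def handle_unchecked(url, session_id):
    """Flawed behaviour: the target mailbox is taken from the URL alone."""
    address, folder, ids = parse_request(url)
    return 200, move_to_trash(address, folder, ids)


def handle_checked(url, session_id):
    """Hardened behaviour: the mailbox must belong to the session's user."""
    owner = SESSIONS.get(session_id)
    if owner is None:
        return 401, []  # no authenticated session
    address, folder, ids = parse_request(url)
    if address != owner:
        return 403, []  # URL names someone else's mailbox: refuse, change nothing
    return 200, move_to_trash(address, folder, ids)
```

The comparison happens before any mailbox is touched, so a rejected request leaves the named mailbox unchanged.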

“We quickly noticed the problems and, as soon as the software allowed us, decided. There is no reason for our users to worry,” Denis Otvalko, technical director of TUT.by, told the Naviny.by website.


Source: https://habr.com/ru/post/14205/

