PT-2010-4308 · Squirrelmail+1

Mikhail Goriachev · Published 2010-08-19 · Updated 2017-08-17 · CVE-2010-2813

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions

SquirrelMail versions prior to 1.4.21

Description

The issue arises from improper handling of 8-bit characters in passwords by the functions/imap_general.php file. This allows remote attackers to cause a denial of service, specifically disk consumption, by making multiple IMAP login attempts with different usernames. As a result, many preferences files are created.

Recommendations

For versions prior to 1.4.21, update to version 1.4.21 or later to resolve the issue. As a temporary workaround, consider restricting the number of IMAP login attempts to minimize the risk of disk consumption.

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2010-2813
DSA-2091-1
RHSA-2012:0103
RHSA-2012_0103

Affected Products

Red Hat
Squirrelmail