PT-2011-3163 · Roundcube · Roundcube Webmail

Hanno Böck · Published 2011-04-08 · Updated 2017-08-17 · CVE-2011-1491

CVSS v2.0: 3.5 (Low)

Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Roundcube Webmail versions prior to 0.5.1

Description: The issue is a "login CSRF" problem: the login form in Roundcube Webmail does not verify that a login request originated from its own login form, so it accepts a correctly authenticated but unintended login attempt. This makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to log in to the attacker's account and then compose an e-mail message.

Recommendations: For versions prior to 0.5.1, update to version 0.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the login form to minimize the risk of exploitation.
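An added example (not Roundcube's own code) of the check that closes a login CSRF of this kind: the served login form carries a token bound to the pre-login session cookie, and the login handler refuses any POST whose token does not match, which is exactly what a form auto-submitted from another origin cannot supply. Function names, the `_token` field and the session values are constructed for the illustration.

```python
import hmac
import hashlib
import secrets

# Per-deployment secret used to derive login-form tokens (constructed for this example).
SERVER_SECRET = secrets.token_bytes(32)


def login_form_token(session_id: str) -> str:
    """Token embedded as a hidden field when the login form is served.

    It is bound to the pre-login session cookie, so a page on another origin
    cannot obtain a token that matches the victim's cookie.
    """
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def handle_login_post(cookie_session_id: str, form: dict) -> tuple:
    """Gate in front of the credential check.

    Returns (accepted, reason). Credentials are only verified when the submitted
    token matches the one issued for this session's login form.
    """
    if not cookie_session_id:
        return False, "no pre-login session cookie; re-serve the login form"
    submitted = form.get("_token", "")
    expected = login_form_token(cookie_session_id)
    # Constant-time comparison; both values are ASCII hex strings.
    if not hmac.compare_digest(submitted.encode(), expected.encode()):
        return False, "login request did not originate from this session's login form"
    # Only now would the real handler check _user/_pass against the mail server.
    return True, "token ok; proceed to credential check"


# Constructed scenario: the victim's browser holds a pre-login session cookie.
VICTIM_SESSION = "sess-victim-0001"

# Legitimate submit: the browser posts back the token it received with the form.
LEGITIMATE_POST = {"_user": "victim", "_pass": "correct horse",
                   "_token": login_form_token(VICTIM_SESSION)}

# Cross-site submit: carries credentials the victim did not choose, and any token
# it contains was issued for some other session, never for the victim's cookie.
FORGED_POST = {"_user": "someone-else", "_pass": "their-password",
               "_token": login_form_token("sess-other-9999")}
```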


Weakness Enumeration

Related Identifiers: CVE-2011-1491

Affected Products: Roundcube Webmail