it is not secure. not asking password while composing mail

VERIFIED INVALID

Status

SeaMonkey
MailNews: Account Configuration
--
major
VERIFIED INVALID
12 years ago
12 years ago

People

(Reporter: Trilochan Mishra, Unassigned)

Tracking

({arch})

1.4 Branch

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:nse])

(Reporter)

Description

12 years ago
User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Build Identifier: Mozilla 1.6

Hello,
I am working in Alcatel Development India Pvt.Ltd.,chennai, India.
here we are using Mozilla 1.6 browser.

the incoming server is IMAP. i am giving the incoming server address. after that it is creating the user.
and here i can create anybody's mail account. after that for composing any mail it should ask password. and it is asking password but i am neglecting that password by clicking cancel.
then in the browser in the right hand space i am able tofind a compose option with inbox option. when i am going for the compose option a compose window is opening and i am able to send mail without any password to anybody.

so it is to be noticed that one can create anybodys account in the organization environment. it is not caring wheather that person is already having a valid account or not. and without password it is sending the mail.
but if we reply to that mail it is not coming.
so what is the problem.

hope you can understand what i mean to say.
for more details feel free to contact me on trilochan.mishra@alcatel.com 
my cell no is : +91-9840806778

thanks & regards,
Trilochan Mishra

Reproducible: Always

Steps to Reproduce:
1.check the password fild for sending option and enable it.
2.check your security level.
3.
(Reporter)

Updated

12 years ago
Component: Safe Browsing → Colorpicker
Keywords: arch
Product: Firefox → Composer
Version: unspecified → 0.17

Comment 1

12 years ago
this is a misconfiguration of your mail server. go complain to your admin.
Assignee: nobody → mail
Component: Colorpicker → MailNews: Account Manager
Product: Composer → Mozilla Application Suite
QA Contact: safe.browsing
Version: 0.17 → 1.4 Branch

Updated

12 years ago
Group: security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → INVALID
Whiteboard: [sg:nse]
What's not secure is using Mozilla 1.6! That's a two-and-a-half year old version. Here are the security fixes in just the past year and a half:
http://www.mozilla.org/security/announce/

There are exploits being used in the wild for vulnerabilities we fixed mid-2005.

If your Mozilla is that old probably your Java is as well. There are tons of exploits for old versions of Java. update at http://java.com

Note that IMAP is for incoming mail, SMTP is used for outgoing mail. *both* must be set to require passwords and enforce a match between the From: line and the account. But there are plenty of un-secured SMTP servers in the world, forged "From" lines are a foregone conclusion (common technique used by spammers and email worms)

Updated

12 years ago
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.