[rt-users] permissions loophole?
David Vrtin
david.vrtin at arnes.si
Mon Mar 31 01:46:20 EST 2003
On Sat, 29 Mar 2003 22:54:33 GMT, "James Lucas" wrote:
> I have noticed one odd thing with the way it processes mail (although it =
> may be my setup but I can't see where), if there is a user on the =
> system, e.g. autocreated by opening a ticket, they can reply to any =
> other ticket by simply changing the number in the subject of the message =
> and this reply will be forwarded onto the ticket requestor.
>
> This does not seem correct to me as it would allow a spammer to randomly =
> guess ticket numbers and then send mail to our customers using rt as the =
> relay.
I have same problem. We don't want RT to sent mail out of RT, if the transaction
is originated via *Email*.
I think, we need some patch??
Best regards,
David
More information about the rt-users
mailing list