Bonn. Tens of thousands of e-mail accounts of employees and students of the University of Bonn were affected by a security breach. Their mail accounts were partly visible to the outside.
The internet website “Motherboard” reported on Thursday that around 42,000 e-mail accounts could be viewed for at least several weeks - under certain conditions - from the outside.
The University of Bonn confirmed the security issue but explained that there was no evidence the vulnerability had been abused. "The problem has now been fixed," an IT employee of the University told the news agency dpa. "Unfortunately, we cannot say how long it existed."
The security problems occurred when a user clicked on a link in a webmail session
According to "Motherboard", the cause of the problem was an incorrect configuration of the so-called session IDs used when accessing the mail accounts in a browser. The security problems occurred when a user from the University of Bonn clicked on a link in a webmail session and opened a website. The operator of that site could access the e-mail account if they had observed how the user arrived at the site.
According to the University, twenty percent of users sometimes use Webmail. “Motherboard” made the University of Bonn aware of the security issue in February. The problems were remedied after a thorough investigation in April, according to an employee. Orig. text: dpa