FreeBSD : roundcube -- arbitrary password resets (bce47c89-4d3f-11e7-8080-a4badb2f4699)
Medium Nessus Plugin ID 100737
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionRoundcube reports :
Roundcube Webmail allows arbitrary password resets by authenticated users. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.
SolutionUpdate the affected package.