X
Tech
Home Tech Computing Servers

Plugins compromised in SquirrelMail's web server hack

According to a recently posted update by SquirrelMail's Jonathan Angliss, the source code of three plugins was backdoored during the web server compromise of the popular web-based email application which took place last month.The compromised plugins were embedded with code that was forwarding accounting data to a server maintained by the people behind the hack, something SquirrelMail didn't acknowledge prior to announcing the web server compromise.
Written by Dancho Danchev, Contributor

smlogo.jpg
According to a recently posted update by SquirrelMail's Jonathan Angliss, the source code of three plugins was backdoored during the web server compromise of the popular web-based email application which took place last month.

The compromised plugins were embedded with code that was forwarding accounting data to a server maintained by the people behind the hack, something SquirrelMail didn't acknowledge prior to announcing the web server compromise.

During the initial announcement, we'd mentioned that we did not believe that any of the plugins had been compromised. Further investigation has shown that the following plugins were indeed compromised: - sasql-3.2.0 - multilogin-2.4-1.2.9 - change_pass-3.0-1.4.0

Parts of these code changes attempts to send mail to an offsite server containing passwords.

SquirrelMail has a total of 222 plugins available in 14 categories. Its SourceForge repository was not affected.

Editorial standards
Show Comments

Related

Anker Solix X1

Not into the Tesla Powerwall? You can now buy the Anker Solix X1

Placeholder product image alt text

The best AI image generators to try right now

AI coding concept

Can Meta AI code? I tested it against Llama, Gemini, and ChatGPT - it wasn't even close