The EMURL web-based email account软件在用户会话URLs编码标识符可预测，存在漏洞，远程攻击者可以利用这个漏洞访问用户email账户。
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org. Seattle Lab is aware of the issue and will address it in their next version of Emurl.
Emurl software creates a unique identifier for each user, based on their account name. This identifier is encoded using the ascii value of each character in the account name and augmented by its position. By using a specific URL along with a user's identifier, it is possible to retreive that users e-mail as well as view and change their account settings.
To read email:
To view/modify account settings: