#####################################################################################
#
#   Name    :   Horde & Roundcube password leak vulnerability
#   Author  :   Xc0re Security Reasearch Group
#   Homepage :   http://www.xc0re.net
#
#####################################################################################

Description :

Webmail clients such as Horde & Round Cube leak their username and password in a fashion that with every post request they also send a base64 encoded username:password along with it! One can use a simple sniffer like ethreal and listen on a proxy or through arp spoofing and manually decrypt username and password !