Critical Email Security Flaw
I've tried reporting this as an issue a few times now but I have been unable to report this in its own thread. Hopefully this works and other customers are able to see it instead of it being buried in another thread.
There is a critical bug in v11 and now v14 that needs to be addressed. Users are incorrectly being cc'd on email replies and it is causing breaches of security/confidentiality. When you reply to a correspondence from a ticket, instead of the system adding the CC'd email addresses from the email you are replying to, it is adding the CC recipients from THE ORIGINAL TICKET. For example:
A support rep FORWARDS that ticket to a completely different user, firstname.lastname@example.org
replies and the reply gets appended to the original ticket (which is correct).
When you reply to the email email@example.com sent in, the system incorrectly adds firstname.lastname@example.org to the CC line in the email! This is a huge security issue that has already caused a few security breaches on our end as emails are sent to people they shouldn't be!
I have reported this issue to the help desk as well but I do not think it is being treated with the necessary urgency. This is a GIANT security issue that needs an immediate hotfix.
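The recipient mix-up described in this post, as an added example that is not part of the original post and is not the product's code: it contrasts CC recipients taken from the original ticket email with CC recipients taken only from the message being replied to, and flags anyone who was not a party to that message. The function names and all addresses are constructed for illustration; how the product actually builds the CC line is not known from the post.

```python
from email.message import EmailMessage
from email.utils import getaddresses

def addrs(msg, *headers):
    """Lower-cased addresses found in the given headers of one message."""
    values = [v for h in headers for v in msg.get_all(h, [])]
    return {a.lower() for _, a in getaddresses(values) if a}

def reply_cc_from_ticket(ticket_msgs, replied_to, helpdesk):
    """Behaviour reported in the post: CC comes from the ORIGINAL ticket email."""
    return addrs(ticket_msgs[0], "Cc") - {helpdesk}

def reply_cc_from_message(ticket_msgs, replied_to, helpdesk):
    """Scoped behaviour: CC comes only from the message being replied to."""
    sender = addrs(replied_to, "From")
    return addrs(replied_to, "To", "Cc") - sender - {helpdesk}

def leaked(cc, replied_to):
    """Recipients who were not a party to the message being replied to."""
    return cc - addrs(replied_to, "From", "To", "Cc")

def make(frm, to, cc=None):
    """Build a minimal message with only the address headers set."""
    m = EmailMessage()
    m["From"], m["To"] = frm, to
    if cc:
        m["Cc"] = cc
    return m

# Constructed sample thread (every address here is made up).
HELPDESK = "support@helpdesk.example"
original = make("requester@customer.example", HELPDESK,
                "manager@customer.example")
# Reply from the outside party the ticket was forwarded to.
forward_reply = make("Vendor <contact@vendor.example>", HELPDESK,
                     "colleague@vendor.example")
thread = [original, forward_reply]

if __name__ == "__main__":
    for fn in (reply_cc_from_ticket, reply_cc_from_message):
        cc = fn(thread, forward_reply, HELPDESK)
        print(fn.__name__, sorted(cc),
              "leaked:", sorted(leaked(cc, forward_reply)))
```

A check like `leaked()` can also run as a pre-send guard or over sent-mail logs to find replies that already went to people outside the message being answered.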