Critical Email Security Flaw

Critical Email Security Flaw

I've tried reporting this as an issue a few times now but I have been unable to report this in its own thread.  Hopefully this works and other customers are able to see it instead of it being buried in another thread. 

 There is a critical bug in v11 and now v14 that needs to be addressed.  Users are incorrectly being cc'd on email replies and it is causing breaches of security/confidentiality.  When you reply to a correspondence form a ticket instead of the system adding the CCd email addresses from the email you are replying to, it is adding the CC recipients from THE ORIGINAL TICKET.  For example:

1. A ticket is emailed in from user1@email.com and copies user2@email.com 
2. A support rep FORWARDS that ticket to a completely different user, user3@email.com
3. user3@email.com replies and the reply gets appended to the original ticket (which is correct).
4. When you reply to the email user3@email.com sent in, the system incorrectly adds user2@email.com to the CC line in the email!  This is a huge security issue that has already caused a few security breaches on our end as emails are sent to people they shouldn't be!

I have reported this issue to the help desk as well but I do not think it is being treated with the necessary urgency.  This is a GIANT security issues that needs an immediate hotfix. 

                  New to ADSelfService Plus?