3
Impersonation changes User to Administrator
Problem reported by Nathan Harrington - 1/8/2019 at 10:36 PM
Resolved
I discovered an issue today whereby impersonating a User level account converts that account to an Administrator level account.  This happened with SmarterMail v15.2; I have not tested it on newer releases.

  • Pick a domain on your server > Manage
  • Identify any account that is a User account
  • Close Manage
  • Impersonate that user account
  • Edit the settings for the account, change a setting (I was changing Webmail > Preview Pane = Disable), save the setting.
  • Close user account
  • Select the domain again > Manage
  • Find the user you impersonated; it will now be an Administrator instead of a User

I have seen where this had happened several times in the past with assorted domains, but it wasn't until today that I discovered when/how it was happening.  It appears that you can edit the user and change them back to User level.  I'm not sure if this happens with any change to the user's settings, or only select changes.  In reviewing all of the mail accounts on the server, I discovered several accounts that had been converted to Administrator that shouldn't have been.  I'm not sure how long this has been happening.

8 Replies

Reply to Thread
0
Employee Replied
Employee Post
Hi,
I'm unable to replicate this issue. I'd recommend updating to the latest version of SmarterMail 15 and checking if the issue still occurs.
0
Nathan Harrington Replied
Alex,
Thank you for your reply.  I upgraded to SmarterMail v15.7.6915 this week, and this is still an issue.  I followed the steps as posted in my original message, testing with two users in different domains.  Both of them were converted to Administrative users after the change to their settings was saved.
Nathan

0
Employee Replied
Employee Post
Nathan, I was able to reproduce the issue locally.  I will update this when the issue has been resolved.
0
Employee Replied
Employee Post
Nathan, I was able to fix the issue.  Here is a custom build that will fix the issue.

http://www.smartertools.com/downloads/SmarterMail/CustomBuilds/15.7.6960.17157/SmarterMail15_Setup.exe
0
Nathan Harrington Replied
Thanks for the quick response, Robert!  I will get this update scheduled for our next maintenance event.
2
ScottF Replied
Any plans to make SM 15.7.6960 an official release? Meaning release notes and a link on the legacy versions page. It would be nice to have the security problem fixed in an official release.

1
Employee Replied
Employee Post Marked As Resolution
Scott, we have just release 15.7.6970 that include this fix.
2
ScottF Replied
Great. Thanks!

Reply to Thread