School Information Technology Discussion <[log in to unmask]> writes:
Are there any other details available?


-- MB
Below is the full announcement. I didn't want to post it originally (unless requested) as it leans slightly towards a focused product. Please feel free to contact me off list if you want or need more information.

Neil Manders (retired Director of Technology - WCSU)
Project Manager
Learning Networks/First Class

Dear Administrators,

We have discovered a potentially serious security vulnerability affecting FirstClass Internet Services.  Because of the nature of this problem, we are taking the step of sending out this Security Update.

Affected Components:
FirstClass Internet Services 8.X and FirstClass Internet Services 9.X, specifically the FirstClass Web User Interface. Releases earlier than 8.0 may be affected but have not yet been tested.

Affected Platforms:
This affects FirstClass Internet Services on all supported platforms.

Based on customer reports, we have discovered a security vulnerability which has the potential to affect sites running FirstClass Internet Services.  As a result of this vulnerability, it may be possible for unauthenticated users to access outbound messages queued to be sent via SMTP.

Next Steps:
We have coded, tested and released a new 9.1 Service Pack of FirstClass Internet Services to address this vulnerability. You should install this at your earliest convenience.

For sites running FirstClass 9.1, this new version has automatically been downloaded to you via the FirstClass Update Server. Sites running FirstClass 9.0 and older versions please contact Customer Support for further options.

As you know, we at FirstClass take security extremely seriously. We are proud to offer a safe, secure environment, and we do our utmost to address security issues as soon as humanly possible.


Scott Welch