[Kolab-devel] [issue759] Kontact may accidentally send mail to name at domain.com

Bernhard Herzog kolab-issues at intevation.de
Mon May 23 18:43:10 CEST 2005


New submission from Bernhard Herzog <bh at intevation.de>:

In kontact's "edit event" dialog on the attendees tab, there's a button "new"
which when clicked adds an attendee "Firstname Lastname <name at domain.com>".  If
you then press Enter or click OK without editing it, this entry is treated like
a real attendee and an invitation mail is sent to name at domain.com (or
name at domain.de in the German localized version).  domain.com and domain.de are
perfectly normal, ordinary domains!

In the case of domain.de, the email will be rejected by their mail server, but
in principle the fact that mails are sent to it could accidentally leak
sensitive information.  All the owners of domain.de have to do is to accept
those mails.  I don't know what domain.com does with the mails.  This may be a
problem with other localizations as well.

I classify this as urgent because it's at least a potential security problem.

kontact from proko2 branch, svn revision 417365

----------
assignedto: david
messages: 4649
nosy: bh, david
priority: urgent
status: unread
title: Kontact may accidentally send mail to name at domain.com
topic: kde client
________________________________________________
Kolab issue tracker <kolab-issues at intevation.de>
<https://intevation.de/roundup/kolab/issue759>
________________________________________________
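
One way to keep an unedited template attendee from ever reaching the mailer, as an added example that is not Kontact's code and is not part of the original report. The names `Attendee`, `isUnsendable` and `invitationRecipients` are hypothetical, and the sample addresses in the comments are constructed. The example goes slightly beyond the report: besides the two placeholder addresses named there, it also refuses RFC 2606 reserved domains, which is where a template address would safely live.

```cpp
#include <algorithm>
#include <cctype>
#include <string>
#include <vector>

struct Attendee { std::string name, email; };  // already split from "Name <addr>"

// Placeholder addresses named in the report (default and German localization).
static const std::vector<std::string> kPlaceholders = {"name@domain.com", "name@domain.de"};

static std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// True if domain equals suffix or ends in "." + suffix (whole-label match).
static bool underSuffix(const std::string& domain, const std::string& suffix) {
    const std::string dotted = "." + suffix;
    return domain == suffix || (domain.size() > dotted.size() &&
           domain.compare(domain.size() - dotted.size(), dotted.size(), dotted) == 0);
}

// RFC 2606 reserved names: safe for templates, never a real mailbox.
bool isReservedDomain(const std::string& domain) {
    for (const char* s : {"test", "example", "invalid", "localhost",
                          "example.com", "example.net", "example.org"})
        if (underSuffix(domain, s)) return true;
    return false;
}

// Hypothetical pre-send check: true if no invitation must go to this entry.
bool isUnsendable(const Attendee& a) {
    const std::string email = lower(a.email);
    const std::string::size_type at = email.rfind('@');
    if (at == std::string::npos || at == 0 || at + 1 == email.size()) return true;
    if (std::find(kPlaceholders.begin(), kPlaceholders.end(), email) != kPlaceholders.end())
        return true;
    return isReservedDomain(email.substr(at + 1));
}

// Splits attendees into real recipients (returned) and skipped entries,
// e.g. {"Bob", "bob@mail.corp.internal"} is kept, the template entry is skipped.
std::vector<Attendee> invitationRecipients(const std::vector<Attendee>& all,
                                           std::vector<Attendee>& skipped) {
    std::vector<Attendee> out;
    for (const Attendee& a : all) (isUnsendable(a) ? skipped : out).push_back(a);
    return out;
}
```

The skipped list is returned separately so a dialog can show the user which entries were dropped instead of discarding them silently.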



