[Kolab-devel] [issue1157] Potential security problem on email event notifications
TorstenIrländer
kolab-issues at intevation.de
Tue Mar 7 19:04:22 CET 2006
New submission from TorstenIrländer <torsten.irlaender at intevation.de>:
kde 3.3.2
kontact proko2 branch after 2.0.6
There might be a security issue on email event notifications. The vCalendar
attached or embedded to an email does not provide any information about the
creator of this event without looking into the source of this mail.
This might lead into some problems if someone sends an invitation from outsite
with a faked sender address, and faked information about the creator of this
event.
Normally this mail will be marked as untrusted because of the sender
address but some people disable the sender verification so we get a email with
no hint that this invitation might be fooled.
Maybe some viewable information about the creator of this event will improve
the security of such invitations.
----------
assignedto: till
messages: 6684
nosy: bernhard, bh, till, torsten
priority: bug
status: unread
title: Potential security problem on email event notifications
topic: kde client
________________________________________________
Kolab issue tracker <kolab-issues at intevation.de>
<https://intevation.de/roundup/kolab/issue1157>
________________________________________________
More information about the devel
mailing list