[Evolution-hackers] a security issue with Evolution

From: Jose Tavares <jat terra com br>
To: evolution-hackers gnome org
Subject: [Evolution-hackers] a security issue with Evolution
Date: Sat, 22 Apr 2006 02:12:57 -0300

Today I was at FISL (Forum Internacional Software Livre) accessing the
net through the wifi network they were offering. It was an open wifi
network with no crypto at all..

So, using Evolution I needed do disable the access of my email accounts
whose pop/smtp does not offer a secure connection. Yes, there's a big
provider here in Brazil that does not offer secure connection to its
pop/smtp.

The problem is that I left enable just an account at gmail that is
configured to make secure connections..

After that, I took an old email in my outbox that had been sent with the
account from the unsecured provider and selected "Edit as new message".
Then, I thought the From: field would have been changed automatically to
my new configured default connection.

Guess what happened? I sent the email with the From: field from the
unsecure provider and Evolution did established an unsecure conection to
the unsecure provider and sent my plain password through the network
even with the unsecure account marked as disabled in Evolution!!

[]
JA Tavares

Follow-Ups:
- Re: [Evolution-hackers] a security issue with Evolution
  - From: Jose Tavares
- Re: [Evolution-hackers] a security issue with Evolution
  - From: Harish Krishnaswamy

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]