Re: [Evolution-hackers] a security issue with Evolution
- From: Jose Tavares <jat terra com br>
- To: evolution-hackers gnome org
- Subject: Re: [Evolution-hackers] a security issue with Evolution
- Date: Sat, 22 Apr 2006 03:13:34 -0300
On Sat, 2006-04-22 at 02:12 -0300, Jose Tavares wrote:
> Today I was at FISL (Forum Internacional Software Livre) accessing the
> net through the wifi network they were offering. It was an open wifi
> network with no crypto at all..
>
> So, using Evolution I needed do disable the access of my email accounts
> whose pop/smtp does not offer a secure connection. Yes, there's a big
> provider here in Brazil that does not offer secure connection to its
> pop/smtp.
>
> The problem is that I left enable just an account at gmail that is
> configured to make secure connections..
>
> After that, I took an old email in my outbox that had been sent with the
> account from the unsecured provider and selected "Edit as new message".
> Then, I thought the From: field would have been changed automatically to
> my new configured default connection.
>
> Guess what happened? I sent the email with the From: field from the
> unsecure provider and Evolution did established an unsecure conection to
> the unsecure provider and sent my plain password through the network
> even with the unsecure account marked as disabled in Evolution!!
>
> []
> JA Tavares
I looked at the archives and saw this was discussed in Nov-Dec/2005 ..
Parthasarathi Susarla made a patch for evolution not to send mail from
disabled accounts.. This patch does not seem to be applied as nothing
stopped me from sending a mail from a disabled account..
I'm using v2.4.2.1 from Debian Unstable..
[]
JA Tavares
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]