Re: [Evolution-hackers] a security issue with Evolution

Which version of Evolution are you referring to ?
Evolution 2.6 does not let you send mails through accounts that have not
been enabled. This issue has been fixed already.

That also leads me to kindly remind you - Upgrade, Upgrade :-)


On Sat, 2006-04-22 at 02:12 -0300, Jose Tavares wrote:
> Today I was at FISL (Forum Internacional Software Livre) accessing the
> net through the wifi network they were offering. It was an open wifi
> network with no crypto at all..
> So, using Evolution I needed do disable the access of my email accounts
> whose pop/smtp does not offer a secure connection. Yes, there's a big
> provider here in Brazil that does not offer secure connection to its
> pop/smtp.
> The problem is that I left enable just an account at gmail that is
> configured to make secure connections..
> After that, I took an old email in my outbox that had been sent with the
> account from the unsecured provider and selected "Edit as new message".
> Then, I thought the From: field would have been changed automatically to
> my new configured default connection.
> Guess what happened? I sent the email with the From: field from the
> unsecure provider and Evolution did established an unsecure conection to
> the unsecure provider and sent my plain password through the network
> even with the unsecure account marked as disabled in Evolution!!
> []
> JA Tavares
> _______________________________________________
> Evolution-hackers mailing list
> Evolution-hackers gnome org

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]