Re: [Evolution-hackers] a security issue with Evolution



Which version of Evolution are you referring to?
Evolution 2.6 does not let you send mails through accounts that have not
been enabled. This issue has been fixed already.

That also leads me to kindly remind you - Upgrade, Upgrade :-)

Thanks,
Harish

On Sat, 2006-04-22 at 02:12 -0300, Jose Tavares wrote:
> Today I was at FISL (Forum Internacional Software Livre) accessing the
> net through the wifi network they were offering. It was an open wifi
> network with no crypto at all..
> 
> So, using Evolution I needed to disable the access of my email accounts
> whose pop/smtp does not offer a secure connection. Yes, there's a big
> provider here in Brazil that does not offer secure connection to its
> pop/smtp.
> 
> The problem is that I left enabled just an account at gmail that is
> configured to make secure connections..
> 
> After that, I took an old email in my outbox that had been sent with the
> account from the unsecured provider and selected "Edit as new message".
> Then, I thought the From: field would have been changed automatically to
> my new configured default connection.
> 
> Guess what happened? I sent the email with the From: field from the
> unsecure provider and Evolution did establish an unsecure connection to
> the unsecure provider and sent my plain password through the network
> even with the unsecure account marked as disabled in Evolution!!
> 
> []
> JA Tavares
> 
> 



