[Tickets #12186] Re: activesync component does not username canonified by authusername() hook
noreply at bugs.horde.org
noreply at bugs.horde.org
Thu May 2 18:52:54 UTC 2013
BITTE NICHT AUF DIESE NACHRICHT ANTWORTEN. NACHRICHTEN AN DIESE
E-MAIL-ADRESSE WERDEN NICHT GELESEN.
Ticket-URL: http://bugs.horde.org/ticket/12186
------------------------------------------------------------------------------
Ticket | 12186
Aktualisiert Von | enrico.scholz at sigma-chemnitz.de
Zusammenfassung | activesync component does not username canonified by
| authusername() hook
Warteschlange | Horde Base
Version | Git master
Typ | Bug
Status | Resolved
Priorität | 1. Low
Milestone |
Patch |
Zuständige | Michael Rubinsky
------------------------------------------------------------------------------
enrico.scholz at sigma-chemnitz.de (2013-05-02 18:52) hat geschrieben:
Last patch opens a security/privacy hole. The user
'a at mail.other-realm' sees now the activesync information (including
serial number) from user 'a at realm'.
All the activesync related database tables still contain only the
unqualified 'a' username (afais, only
'horde_activesync_device_mailmap' contains the correct 'a at realm').
Adminstrator screen (login as 'admin at realm') shows ActiveSync devices
of 'b at other-realm' as owned by (nonexisting) 'b at realm'.
More information about the bugs
mailing list