• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

Horde/Kronolyth Security Issue! (all calendars shared)

D

dennis00

Guest
I just had a ticket from one of my clients, he is able to see the calendar of another domain!

After some research I found out that more than 60 clients are able to view his calendar!

SQL view:
sharefiles.jpg

(There was a list of e-mail addresses at the last, but I left them out for privacy reasons.

This should never have been able to have happened!! How do I prevent his calendar to be shared?
 
I have no problems with hackers or remote exploiting. My problem is that 60 of my clients see the contents of another client's calendar in Horde/Kronolyth.

I updated Kronolyth to 2.1.8, this did not resolve the issue. I might try to manually remove some rows for display_cals in MySQL.
 
You must log in or register to reply here.

Similar threads

N
Issue Restrictive administrator can see everything
Replies
14
Views
3K
Change Maker
C
C
Question Strange SNI (?) issue related to IPv6 (?)
Replies
2
Views
2K
Carbon Dioxide
C
C
Issue DKIM and SPF do not align with RFC5322. Then DMARC result is fail.
Replies
2
Views
3K
cmartinez127
C
PeopleInside
Issue with Google Drive Backup
Replies
7
Views
4K
PeopleInside
PeopleInside
J
Issue Unable to Access Webmail through Plesk after service changed hands.
Replies
3
Views
4K
Peter Debik
P
Back
Top