General discussion on installation and configuration of SOGo

Text archives Help


Re: [SOGo] active security issue ? still alaluating sogo


Chronological Thread 
  • From: "\"sg gs\"" ( ) < >
  • To:
  • Subject: Re: [SOGo] active security issue ? still alaluating sogo
  • Date: Tue, 26 Jul 2016 09:27:21 +0200
  • Dmarc-filter: OpenDMARC Filter v1.2.0 mail.inverse.ca 2FCCB1120185
  • Importance: normal
  • Sensitivity: Normal

so something must be wrong with my sogo configuration but i wonder what it could be. any hints?
 
Sent: Monday, July 25, 2016 at 9:36 PM
From: "\"Ludovic Marcotte\" ( )" < >
To: 
Subject: Re: [SOGo] active security issue ? still alaluating sogo
On 2016-07-25 11:33 AM, "sg gs" ( ) wrote:

> it turned out that it is possible to send mail from any user just by
> specifying the username and not entering any (or a wrong) password.

Outlook must be sending caching creds - I've just tried with Outlook
2013 and no way SOGo lets you do that with a wrong password. It keeps
telling you to go away with a 401 code.

Thanks,

--
Ludovic Marcotte
:: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu), PacketFence (http://packetfence.org) and Fingerbank (http://fingerbank.org)

--

https://inverse.ca/sogo/lists



Archive powered by MHonArc 2.6.18.

Top of page