• Inviting everyone who uses WordPress management tools in Plesk
    The Plesk team is conducting a 60-minute research session that includes an interview and a moderated usability test.
    To participate, please use this link .
    Your experience will help shape product decisions and ensure the tools better support real-world use cases.

Horde/Kronolyth Security Issue! (all calendars shared)

D

dennis00

Guest
I just had a ticket from one of my clients, he is able to see the calendar of another domain!

After some research I found out that more than 60 clients are able to view his calendar!

SQL view:
sharefiles.jpg

(There was a list of e-mail addresses at the last, but I left them out for privacy reasons.

This should never have been able to have happened!! How do I prevent his calendar to be shared?
 
I have no problems with hackers or remote exploiting. My problem is that 60 of my clients see the contents of another client's calendar in Horde/Kronolyth.

I updated Kronolyth to 2.1.8, this did not resolve the issue. I might try to manually remove some rows for display_cals in MySQL.
 
You must log in or register to reply here.

Similar threads

C
Question Horde shared calendar
Replies
1
Views
1K
shg
S
K
Cannot log in to raise a ticket
Replies
1
Views
3K
Kaspar@Plesk
Kaspar@Plesk
W
Resolved 421 Misdirected Request on IP address after Apache update
Replies
3
Views
6K
WiseWill
W
C
Question Strange SNI (?) issue related to IPv6 (?)
Replies
2
Views
4K
Carbon Dioxide
C
C
Issue DKIM and SPF do not align with RFC5322. Then DMARC result is fail.
Replies
2
Views
5K
cmartinez127
C
Back
Top