View Issue Details

IDProjectCategoryView StatusLast Update
0003131SOGoActiveSyncpublic2015-06-10 14:54
Reportermartinsimovic Assigned Toludovic  
PrioritynormalSeverityfeatureReproducibilityhave not tried
Status resolvedResolutionfixed 
Platform[Client] AppleOSiOSOS Version7
Product Version2.2.16 
Fixed in Version2.3.1 
Summary0003131: Meeting invitee is able to hijack meeting ownership from the organiser
Description

User 1 (organiser) creates a meeting in his calendar and invites a number of invitees to the meeting.
User 2 (invitee) views/accepts the event from iOS device.

User2 becomes organiser of the meeting with all the consequences (original organiser can no longer cancel the meeting.

Additional Information

I have reported this happened on recurring event organised by user1. User1 has lifted the organiser privileges (without him knowing).

This seems to be old bug introduces by Microsoft:

http://www.tuaw.com/2012/10/04/exchange-ios-meeting-hijack-history-goes-back-well-before-ios/
http://www.it.cornell.edu/services/guides/facstaff_email/mobile-hijack.cfm

TagsNo tags attached.

Activities

ludovic

ludovic

2015-03-18 13:50

administrator   ~0008292

Last edited: 2015-03-18 13:51

Does it happen on non-recurring events?

The EAS code in SOGo currently does NOT FULL support recurring events - especially recurrence exceptions.

martinsimovic

martinsimovic

2015-03-18 13:53

reporter   ~0008294

Haven't had a report of such thing happening on non-recurring events yet.

martinsimovic

martinsimovic

2015-05-11 13:22

reporter   ~0008467

I have just had submitted evidence of same error on non-repetitive event. An Invitee hijacked the ownership of the event and was able to cancel it subsequently.

SOGo version 2.2.17a

ludovic

ludovic

2015-06-10 14:54

administrator   ~0008616

https://github.com/inverse-inc/sogo/commit/b1453e1d7e4dc180d33b782eee21f4a374b46938

Issue History

Date Modified Username Field Change
2015-03-13 13:05 martinsimovic New Issue
2015-03-18 13:50 ludovic Note Added: 0008292
2015-03-18 13:50 ludovic Severity major => feature
2015-03-18 13:51 ludovic Note Edited: 0008292
2015-03-18 13:53 martinsimovic Note Added: 0008294
2015-05-11 13:22 martinsimovic Note Added: 0008467
2015-06-10 14:54 ludovic Note Added: 0008616
2015-06-10 14:54 ludovic Status new => resolved
2015-06-10 14:54 ludovic Fixed in Version => 2.3.1
2015-06-10 14:54 ludovic Resolution open => fixed
2015-06-10 14:54 ludovic Assigned To => ludovic