[CalendarServer-dev] [Calendar and Contacts Server] #376: Lightning with wrong crendentals saved crashes calendarserver
Calendar and Contacts Server
trac at macosforge.org
Tue Apr 13 02:15:28 PDT 2010
#376: Lightning with wrong crendentals saved crashes calendarserver
-------------------------------+--------------------------------------------
Reporter: rahul@… | Owner: wsanchez@…
Type: Defect | Status: new
Priority: 2: Expected | Milestone: CalendarServer-2.5
Component: Calendar Server | Severity: Crash/data loss
Keywords: |
-------------------------------+--------------------------------------------
Steps to reproduce:
1. Setup Calendarserver (I installed Calendarserver 2.4 on Debian
Lenny)[[BR]]
2. Install Thunderbird with Lightning plugin[[BR]]
3. Add the caldav url to lightninig[[BR]]
4. Upon prompting for password, enter wrong credentials, check "Use
Password Manager to remember this password" and click on OK.[[BR]]
Now monitor the server. Authentication requests are sent continuously and
the calendar server CPU usage goes very high.
While I understand that this is primarily a bug in Lightning, it is also a
problem with Calendarserver because it is susceptible to DOS attacks. I
believe the developers are aware of this issue. If not, kindly take this
into consideration for the next major release.
--
Ticket URL: <http://trac.calendarserver.org/ticket/376>
Calendar and Contacts Server </>
HTTP/WebDAV/CalDAV Server
More information about the calendarserver-dev
mailing list