[CalendarServer-dev] [Calendar and Contacts Server] #376: Lightning with wrong crendentals saved crashes calendarserver

Calendar and Contacts Server trac at macosforge.org
Tue Apr 13 02:15:28 PDT 2010


#376: Lightning with wrong crendentals saved crashes calendarserver
-------------------------------+--------------------------------------------
 Reporter:  rahul@…            |       Owner:  wsanchez@…        
     Type:  Defect             |      Status:  new               
 Priority:  2: Expected        |   Milestone:  CalendarServer-2.5
Component:  Calendar Server    |    Severity:  Crash/data loss   
 Keywords:                     |  
-------------------------------+--------------------------------------------
 Steps to reproduce:

 1. Setup Calendarserver (I installed Calendarserver 2.4 on Debian
 Lenny)[[BR]]
 2. Install Thunderbird with Lightning plugin[[BR]]
 3. Add the caldav url to lightninig[[BR]]
 4. Upon prompting for password, enter wrong credentials, check "Use
 Password Manager to remember this password" and click on OK.[[BR]]

 Now monitor the server. Authentication requests are sent continuously and
 the calendar server CPU usage goes very high.

 While I understand that this is primarily a bug in Lightning, it is also a
 problem with Calendarserver because it is susceptible to DOS attacks. I
 believe the developers are aware of this issue. If not, kindly take this
 into consideration for the next major release.

-- 
Ticket URL: <http://trac.calendarserver.org/ticket/376>
Calendar and Contacts Server </>
HTTP/WebDAV/CalDAV Server


More information about the calendarserver-dev mailing list