apple / ccs-calendarserver

The Calendar and Contacts Server.
https://www.calendarserver.org
Apache License 2.0
486 stars 136 forks source link

Lightning with wrong crendentals saved DOS'es calendarserver #298

Closed macosforgebot closed 9 years ago

macosforgebot commented 14 years ago

rahul@… originally submitted this as ticket:376


Steps to reproduce:

  1. Setup Calendarserver (I installed Calendarserver 2.4 on Debian Lenny)
  2. Install Thunderbird with Lightning plugin
  3. Add the caldav url to lightninig
  4. Upon prompting for password, enter wrong credentials, check "Use Password Manager to remember this password" and click on OK.

Now monitor the server. Authentication requests are sent continuously and the calendar server CPU usage goes very high.

While I understand that this is primarily a bug in Lightning, it is also a problem with Calendarserver because it is susceptible to DOS attacks. I believe the developers are aware of this issue. If not, kindly take this into consideration for the next major release.

macosforgebot commented 14 years ago

rahul@… originally submitted this as comment:1:⁠ticket:376

macosforgebot commented 13 years ago

@wsanchez originally submitted this as comment:2:⁠ticket:376

macosforgebot commented 13 years ago

@wsanchez originally submitted this as comment:3:⁠ticket:376

macosforgebot commented 12 years ago

@wsanchez originally submitted this as comment:4:⁠ticket:376

macosforgebot commented 10 years ago

mcepl@… originally submitted this as comment:11:⁠ticket:376

macosforgebot commented 9 years ago

@wsanchez originally submitted this as comment:12:⁠ticket:376


Expiring old bugs with unknown state and impact.