You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What steps will reproduce the problem?
1. Start wireshark with apprioriate filters to reduce entries
2. Refresh Google contacts resource in KAddressbook
What is the expected output? What do you see instead?
I would expect that all traffic goes over an encrypted HTTPS channel. Instead,
I see that contacts are transferred over plain HTTP with all an authentication
token in it.
What version of the product are you using? On what operating system?
I am using 0.9.6 on Arch Linux (https://aur.archlinux.org/packages.php?ID=24286)
Please provide any additional information below.
I also checked with openssl' s_server whether the implementation was vulnerable
to a MITM attack. Luckily, this was not the case: it simply aborts the
connection setup. I did not receive any feedback however in KAddressbook,
though I saw an "invalid password" message in akonadiconsole.
The attached patch is tested and did not cause regressions in the contacts
retrieval functionality.
Original issue reported on code.google.com by [email protected] on 23 Jun 2012 at 9:12
Original issue reported on code.google.com by
[email protected]on 23 Jun 2012 at 9:12Attachments:
The text was updated successfully, but these errors were encountered: