Results 1 to 2 of 2

Thread: SECURITY FLAW: When will this be fixed?

  1. #1
    Senior Member
    Join Date
    Mar 2012
    Posts
    136

    SECURITY FLAW: When will this be fixed?

    Please see this URL for a detail on a security flaw that allows the private AND public IPs of clients to be logged without the user knowing it:



    Any thoughts on this from Zarafa?

  2. #2
    Zarafa

    Join Date
    Jan 2009
    Location
    Hanover, Germany
    Posts
    1,891
    i mean thats how STUN works (and has to work), right?

    If at all that is a "bug" in the way WebRTC is designed and not really a flaw in our webmeetings module. And the fact that only pages that advertise the illegal download of copyright protected material mark this as a "huge security flaw" should tell you the rest.

    True is that when having WebRTC activated a website can read out the ip addresses the client uses to connect to the network. This can be an issue if your are very security aware and use different means to obscure your traces, but for the normal business user this is not really an issue imho.

    And this can even be really easy blocked, there are tons of howtos out there and its even a feature of uBlock (). Be aware that deactivating this you will probably not be able to use in network video conferences and all your traffic will be routed through your gateway.

    EDIT: or you could actually use this to upsell DeskApp. Deactivate Javascript in your regular browser and only use DeskApp to check WebApp and do WebMeetings.
    Last edited by fbartels; 13-06-2016 at 06:51 PM.
    Regards Felix

    How to get Kopano

    Zarafa ALPHA/BETA/RC feedback in BETA forum please.
    Zarafa IRC chat: irc.freenode.com > #zarafa
    Zarafa documentation: http://documentation.zarafa.com/

    No support via PM! Please contact our sales team for an offer if you want my full attention.

Similar Threads

  1. [Final] Urgent issues fixed in ZCP 7.1.8 R1
    By Suyi in forum Zarafa Announcements
    Replies: 0
    Last Post: 20-02-2014, 03:59 PM
  2. Outlook 2010 update Fixed!
    By Robin in forum Outlook client
    Replies: 3
    Last Post: 10-12-2012, 12:45 PM
  3. Web language is always in English [FIXED]
    By Dtouzeau in forum WebAccess usage Archives
    Replies: 4
    Last Post: 05-06-2010, 11:22 PM
  4. [Fixed] From Trial / Demo to Community
    By Micekiller in forum Installation and Configuration Archives
    Replies: 2
    Last Post: 02-12-2009, 01:24 PM
  5. Using Zarafa instead of Courier [FIXED]
    By ph1r in forum Other mail/calendar clients Archives
    Replies: 4
    Last Post: 30-08-2009, 10:47 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •