[URGENT] Data Protection breach

Discussion in 'Feedback & Help' started by KM-Tiger, Dec 11, 2013.

Thread Status:
Not open for further replies.
  1. KM-Tiger

    KM-Tiger UKBF Legend Full Member - Verified Business

    9,985 2,667
    Following on from this thread:


    there is a bug that is causing emails sent to members watching a thread to be malformed and containing the private email addresses of other members. Depending on the MUA in use these addresses may or may not be immediately visible, but they are certainly there in the email source.

    If it's of help to your developers, it would appear that on sending emails, the DATA part of the SMTP transaction is not being terminated correctly, and the subsequent 'RSET' command is being interpreted as part of the data stream rather than the start of a new transaction. This fragment from an email addressed to me shows the data stream continuing with the header of the next email:
    Subject: Like the old forum, but worse - New reply to watched thread
    To: Dan Izzard <[email protected]>
    From: UK Business Forums <[email protected]>
    Return-Path: [email protected]
    Date: Tue, 10 Dec 2013 22:44:42 +0000
    Content-Type: multipart/alternative;
    MIME-Version: 1.0
    I have obfuscated Dan's email address in that.
    Posted: Dec 11, 2013 By: KM-Tiger Member since: Aug 10, 2003
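An added example (not part of the original post and not the forum software's code): a Python check that scans a received notification's source for stray SMTP commands after the body, the symptom described in the post above, together with a helper that frames the DATA phase with CRLF line endings, dot-stuffing and the lone-dot terminator. The function names are hypothetical, and the addresses and sample message are constructed.

```python
import re

# SMTP command lines that should never show up inside a delivered message.
SMTP_CMD = re.compile(r"^(?:(?:RSET|DATA|QUIT)\s*$|(?:MAIL FROM|RCPT TO):)", re.I)
ADDR = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def leaked_addresses(raw_source, own_addresses):
    """Return third-party addresses found after a stray SMTP command."""
    own = {a.lower() for a in own_addresses}
    lines = raw_source.splitlines()
    # The message's own headers end at the first blank line.
    body_start = lines.index("") + 1 if "" in lines else len(lines)
    leaked, in_leak = [], False
    for line in lines[body_start:]:
        # Once a command line appears, the DATA phase was never closed and
        # everything after it belongs to another recipient's transaction.
        in_leak = in_leak or bool(SMTP_CMD.match(line))
        if not in_leak:
            continue
        for addr in ADDR.findall(line):
            if addr.lower() not in own and addr not in leaked:
                leaked.append(addr)
    return leaked

def frame_data(message):
    """Frame a message for the DATA phase (RFC 5321 section 4.5.2)."""
    # Dot-stuffing: double a leading "." so it cannot end DATA early.
    stuffed = ["." + l if l.startswith(".") else l for l in message.splitlines()]
    # Every line, the last included, ends in CRLF before the lone-dot line.
    return ("\r\n".join(stuffed) + "\r\n.\r\n").encode()

# Constructed sample: a notification whose source runs on into the next one.
SAMPLE = "\n".join([
    "Subject: New reply to watched thread",
    "To: Alice <alice@example.org>",
    "From: Forum <noreply@forum.example>",
    "",
    "Someone replied to a thread you are watching.",
    "RSET",
    "MAIL FROM:<noreply@forum.example>",
    "RCPT TO:<bob@example.net>",
    "DATA",
    "Subject: New reply to watched thread",
    "To: Bob <bob@example.net>",
])
```

Running `leaked_addresses` over archived outbound notifications, with the intended recipient and the sender passed as `own_addresses`, gives a list of whose addresses were exposed to whom.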
  2. Dan Izzard

    Dan Izzard Digital Marketer Full Member

    1,060 322
    Thanks for looking into this KM Tiger, much appreciated. I've forwarded this on to our development team who are looking into it further.
    Posted: Dec 11, 2013 By: Dan Izzard Member since: Nov 21, 2013
  3. zigojacko

    zigojacko I say it how it is Full Member - Verified Business

    3,636 1,168
    Ah, the cause has been identified. Nice one.

    What a joke, this forum software is crap Sift, let's be honest here. Unless of course, Sift are the ones that cocked it all up.
    Posted: Dec 11, 2013 By: zigojacko Member since: Dec 7, 2009