0003131: Meeting invitee is able to hijack meeting ownership from the organiser - SOGo

ID	Project	Category	View Status	Date Submitted	Last Update

0003131	SOGo	ActiveSync	public	2015-03-13 13:05	2015-06-10 14:54

Reporter	martinsimovic	Assigned To	ludovic
Priority	normal	Severity	feature	Reproducibility	have not tried
Status	resolved	Resolution	fixed
Platform	[Client] Apple	OS	iOS	OS Version	7
Product Version	2.2.16
Fixed in Version	2.3.1

Summary	0003131: Meeting invitee is able to hijack meeting ownership from the organiser
Description	User 1 (organiser) creates a meeting in his calendar and invites a number of invitees to the meeting. User 2 (invitee) views/accepts the event from iOS device. User2 becomes organiser of the meeting with all the consequences (original organiser can no longer cancel the meeting.
Additional Information	I have reported this happened on recurring event organised by user1. User1 has lifted the organiser privileges (without him knowing). This seems to be old bug introduces by Microsoft: http://www.tuaw.com/2012/10/04/exchange-ios-meeting-hijack-history-goes-back-well-before-ios/ http://www.it.cornell.edu/services/guides/facstaff_email/mobile-hijack.cfm
Tags	No tags attached.

ludovic 2015-03-18 13:50 administrator ~0008292 Last edited: 2015-03-18 13:51	Does it happen on non-recurring events? The EAS code in SOGo currently does NOT FULL support recurring events - especially recurrence exceptions.

martinsimovic 2015-03-18 13:53 reporter ~0008294	Haven't had a report of such thing happening on non-recurring events yet.

martinsimovic 2015-05-11 13:22 reporter ~0008467	I have just had submitted evidence of same error on non-repetitive event. An Invitee hijacked the ownership of the event and was able to cancel it subsequently. SOGo version 2.2.17a

ludovic 2015-06-10 14:54 administrator ~0008616	https://github.com/inverse-inc/sogo/commit/b1453e1d7e4dc180d33b782eee21f4a374b46938

Date Modified	Username	Field	Change
2015-03-13 13:05	martinsimovic	New Issue
2015-03-18 13:50	ludovic	Note Added: 0008292
2015-03-18 13:50	ludovic	Severity	major => feature
2015-03-18 13:51	ludovic	Note Edited: 0008292
2015-03-18 13:53	martinsimovic	Note Added: 0008294
2015-05-11 13:22	martinsimovic	Note Added: 0008467
2015-06-10 14:54	ludovic	Note Added: 0008616
2015-06-10 14:54	ludovic	Status	new => resolved
2015-06-10 14:54	ludovic	Fixed in Version	=> 2.3.1
2015-06-10 14:54	ludovic	Resolution	open => fixed
2015-06-10 14:54	ludovic	Assigned To	=> ludovic