Security Hole in Entourage 2004 and 2008

[Ronny Livni]

Hi,
Over the last few years ive been putting up with a very annoying bug which i
consider a security hole in Entourage 2004. I was anticipating that the
issue would be fixed in Entourage 2008 and was greatly disappointed to learn
that this problem has not been fixed in Entourage 2008.

The details of this bizzare issue are as follows:

Issue: upon receiving a particular type of mail, Entourage will no longer be
able to connect to the mail server (Exchange). Once such a mail comes in to
my inbox and remains there, I will receive the following error (translation
from the Japanese):

"Currently, cannot receive mail.
The server returned an Error. (login failed. there was an error in your
username and/or password) There is a possiblity that your username,
password or security settings are not correct. Please reenter your
password."

My Environment is as follows:

Entourage 2004 Japanese (I have checked with people who access the same
Exchange mail server using MAPI using an English environment but none of
them have ever experienced this problem.

OS: confirmed on 10.3, 10.4 and 10.5

Server: MS Exchange

Connection Protocol: MAPI. This problem does not happen when connecting via
POP or IMAP. This problem only happens when connecting via MAPI.

Even when connected with MAPI, If I go to Tools then to account and reenter
my password, I can receive new mails. But as long as this problematic mail
still exists in my inbox or any of my active folders on the server, I will
soon get the error again and be disconnected.

Once the trouble-causing mail message is deleted, the client will be able to
reconnect to the server and not receive an error. Furthermore, if the
trouble-causing mail message is moved to a local/archive folder, the client
will be able to reconnect to the server and not receive an error.

At least 5 of my co-workers have experienced this issue. All of them except
myself have stopped using Entourage and use their windows machine only for
mail or they have switched to IMAP/POP.

For some reason a trouble-causing mail seems to land in my inbox every
so-often- like once every few weeks- and its so annoying- I was hoping the
issue would have been fixed in 2008 so this is truly a disappointment.

If there is some other appropriate forum to register such issues id
appreciate if you advise me where I should post this. Thanks, ron

 

[Corentin Cras-Méneur]

Hi,

Issue: upon receiving a particular type of mail, Entourage will no longer be
able to connect to the mail server (Exchange). Once such a mail comes in to
my inbox and remains there, I will receive the following error (translation
from the Japanese):

"Currently, cannot receive mail.
The server returned an Error. (login failed. there was an error in your
username and/or password) There is a possiblity that your username,
password or security settings are not correct. Please reenter your
password."

I read your post, but I'm not sure I understand how it qualifies as a
security hole....
You receive e-mails considered as corrupted and Entourage then
disconnects from the server. No security issue here.
I agre though that the message you're getting is inaccurate. It's more
something like "the connection was lost"

The solution is to delete the incriminated e-mail from the server. I've
had things like that for years in all apps and also through POP (there
is even an appliucation dedicated to these issues on POP: MailSiphon).

The part that' surprising is that you receive corrupted e-mails about
once a week.
Could they all be coming from the same person??

Corentin

 

[William Smith]

Hi,
Over the last few years ive been putting up with a very annoying bug which i
consider a security hole in Entourage 2004. I was anticipating that the
issue would be fixed in Entourage 2008 and was greatly disappointed to learn
that this problem has not been fixed in Entourage 2008.

The details of this bizzare issue are as follows:

Issue: upon receiving a particular type of mail, Entourage will no longer be
able to connect to the mail server (Exchange). Once such a mail comes in to
my inbox and remains there, I will receive the following error (translation
from the Japanese):

"Currently, cannot receive mail.
The server returned an Error. (login failed. there was an error in your
username and/or password) There is a possiblity that your username,
password or security settings are not correct. Please reenter your
password."

This is not necessarily a security hole. Nothing is getting compromised.

The problem you are describing is with Entourage and Asian fonts in the
subject line and it is a known Exchange Server issue. A hotfix from
Microsoft is available. Have a look at my blog post on The Entourage
Help Blog for details
<http://blog.entourage.mvps.org/2007/05/exchange_server_hotfix_resolve.html>.

Hope this helps!

--

bill

William M. Smith, Microsoft Interop MVP - Mac/Windows
Entourage Help Page <http://entourage.mvps.org/>
Entourage Help Blog <http://blog.entourage.mvps.org/>

 

[Ronny Livni]

Hi Bill, I really appreciate your advice. This certainly describes the
problem I and other mac users at work are experiencing. Unfortunately It
requires a change at the MS Exchange 2003 level- Ill need to have a chat
with our IT folks.

I consider this a security hole because someone could potentially take
advantage of this bug to keep all Entourage users in a state of constantly
being disconnected- and this by just sending a mail.

Anyway, your information has helped me greatly and been a relief. Im only
sad I waited so long to post a question about this. Now its time to talk to
IT.

Thanks again. I much appreciate it.
Ron