ACI'S SET FOR CALENDAR 7 WITHIN THE DIRECTORY SERVER SHOULD BE MORE RESTRICTIVE
(Doc ID 1525016.1)
Last updated on SEPTEMBER 14, 2016
Applies to: Oracle Communications Calendar Server - Version 7.0 (JCS 7) and later
Information in this document applies to any platform.
The following document gives an example of a CalDAV "user-to-user read any attribute" ACI:
Adding LDAP Access Control for Calendar Server Features
Following this example reveals not only social information such as department and memberships, but also password information held in a simple, non-encrypted format (base64) in sunUCExternalMailProfile, if the user has external POP accounts configured with 'store password' enabled.
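An added example, not part of the Oracle document: a Python check that flags directory ACIs whose targetattr leaves sunUCExternalMailProfile readable to every bound user. The ACI strings are constructed samples in Directory Server ACI syntax, not the ACIs from the referenced guide, and the check assumes allow rules with a userdn subject.

```python
import re

SENSITIVE = "sunUCExternalMailProfile"              # attribute named in this note
BROAD_SUBJECTS = {"ldap:///all", "ldap:///anyone"}  # any bound user / any client
READ_RIGHTS = {"read", "search", "compare", "all"}

TARGETATTR = re.compile(r'\(\s*targetattr\s*(!?=)\s*"([^"]*)"\s*\)', re.I)
ALLOW = re.compile(r'\ballow\s*\(([^)]*)\)', re.I)
USERDN = re.compile(r'\buserdn\s*=\s*"([^"]*)"', re.I)

def _split(value):
    """Split a '||'-separated ACI value into a lowercase set."""
    return {part.strip().lower() for part in value.split("||") if part.strip()}

def exposes(aci, attr=SENSITIVE):
    """True if this ACI lets a broad subject read `attr`."""
    target, allow, subject = TARGETATTR.search(aci), ALLOW.search(aci), USERDN.search(aci)
    if not (target and allow and subject):
        # Assumption of this sketch: deny rules, groupdn-only rules and rules
        # without targetattr are outside what it evaluates.
        return False
    op, attrs = target.group(1), _split(target.group(2))
    if op == "=":
        covered = "*" in attrs or attr.lower() in attrs
    else:  # "!=" targets every attribute except the listed ones
        covered = "*" not in attrs and attr.lower() not in attrs
    rights = {r.strip().lower() for r in allow.group(1).split(",")}
    broad = bool(_split(subject.group(1)) & BROAD_SUBJECTS)
    return covered and bool(rights & READ_RIGHTS) and broad

# Constructed sample ACIs (labels and DNs are hypothetical).
SAMPLE_ACIS = {
    "user-to-user read any": '(targetattr = "*")(version 3.0; acl "constructed: read any"; allow (read,search,compare) userdn = "ldap:///all";)',
    "explicit allow-list": '(targetattr = "cn || mail || uid")(version 3.0; acl "constructed: allow-list"; allow (read,search,compare) userdn = "ldap:///all";)',
    "exclude userPassword only": '(targetattr != "userPassword")(version 3.0; acl "constructed: exclude one"; allow (read,search,compare) userdn = "ldap:///all";)',
    "exclude both": '(targetattr != "userPassword || sunUCExternalMailProfile")(version 3.0; acl "constructed: exclude both"; allow (read,search,compare) userdn = "ldap:///all";)',
    "admins only": '(targetattr = "*")(version 3.0; acl "constructed: admins"; allow (all) groupdn = "ldap:///cn=Calendar Admins,ou=Groups,dc=example,dc=com";)',
}

def audit(acis):
    """Return the labels of ACIs that expose the sensitive attribute."""
    return [label for label, aci in acis.items() if exposes(aci)]

if __name__ == "__main__":
    for label in audit(SAMPLE_ACIS):
        print("exposes", SENSITIVE, "->", label)
```

An exclusion list that names only userPassword is still flagged, because sunUCExternalMailProfile remains readable under it.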