Showing posts from December, 2017

Unauthorised Accessing of Google Calendar Invites

Unauthorised Accessing of Google Calendar Invites
Google Calendar, a common and very well known feature that everyone uses for scheduling and organising meetings within an organisation that uses "Google for Work".
The Bug! Failure to restrict the access to unauthorised personal.
Story, While scheduling a meeting with my work team to present a demo, I came across the functionality in Google calendar to add groups as guest. Once a group is added, Calendar will automatically expands the group and adds all members to the meeting. While doing so, it prompts the organiser if (s)he wants to send the meeting invites to the guest list.
Once the meeting is scheduled, all the meeting invitations will actually be sent from the user/organiser's mail account. That means, once you schedule a meeting, if you go and check your sent mail box, we can find all the meeting invites that were sent to all the guest.
Figure: sent mail box with target mail
So far, its just a feature. But once we o…