Affected version(s): OXGuard 2.8-rev16 and lower
Problem
A user sends and encrypted mail to an unknown "external" address and uses the extra PIN functionality. The recipient does not see the extra PIN, only a password which he does not yet know. This is confusing for the end user.
The issue arrises when when the user is not assigned a password, but a PIN was applied. To reproduce, make sure the following settings are applied:
guard-core.properties:
com.openexchange.guard.newGuestsRequirePassword=false
guard-api.properties:
com.openexchange.capability.guard-pin=true
Workaround #1
Send the encrypted mail, but do not use the extra PIN functionality. In this case, the guest receives the encrypted message with a link to the temporary account. After following this link, the user is recognized as a new guest and can set his own password.
Workaround #2
If com.openexchange.guard.newGuestRequirePassword=true then the user will have a password available, and will then be prompted for a pin.
guard-core.properties:
com.openexchange.guard.newGuestsRequirePassword=true
guard-api.properties:
com.openexchange.capability.guard-pin=true
Remember to restart your OXApp Server to allow the changes to take place.
Solution
Tracked as Bug #58230
STATUS: Fixed in OX Guard 2.8-rev17