'[Bug 69089] New: kmail debug output reveals IMAP password'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-bugs-dist
Subject:    [Bug 69089] New: kmail debug output reveals IMAP password
From:       Torsten Kasch <tk () Genetik ! Uni-Bielefeld ! DE>
Date:       2003-11-26 17:54:40
[Download RAW message or body]

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
     
http://bugs.kde.org/show_bug.cgi?id=69089     
           Summary: kmail debug output reveals IMAP password
           Product: kmail
           Version: unspecified
          Platform: Compiled Sources
        OS/Version: Solaris
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: general
        AssignedTo: kmail@kde.org
        ReportedBy: tk@Genetik.Uni-Bielefeld.DE


Version:            (using KDE Devel)
Installed from:    Compiled sources
Compiler:          gcc version 2.95.3 20010315 (release) 
OS:          Solaris

KMail's debug output writes my IMAP password to ~/.xsession-errors; I've found lots \
of lines like the following:

kmail: KMFolderImap::checkValidity of: imaps://tk:MyPasword@imap.my.domain:993/....

(I had to obscure this line for obvious reasons)

I consider this quite critical; not even debug output should write any passwords in \
clear to a file...


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic