[kmail2] [Bug 344474] New: Kmail exposes password through notification if smtp server not accessible
Michael D
nortexoid at gmail.com
Mon Feb 23 09:02:48 GMT 2015
https://bugs.kde.org/show_bug.cgi?id=344474
Bug ID: 344474
Summary: Kmail exposes password through notification if smtp
server not accessible
Product: kmail2
Version: 4.14.1
Platform: Ubuntu Packages
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: NOR
Component: general
Assignee: kdepim-bugs at kde.org
Reporter: nortexoid at gmail.com
I accidentally put my smtp server in the format "server at smtp.de" instead of
"server.smtp.de" and when trying to send an email a notification pops up
exposing my password in plain text. The notification titled "E-mail Sending
Failed" starts "Failed to transport message. smtp://<account
name>:<password>@:<port>..." I have checked the setting to store SMTP password.
This obviously presents a significant security concern.
Reproducible: Always
Steps to Reproduce:
1. Enter wrong smtp server (perhaps in a particular format as described above?)
in settings
2. Send an email from that server/account, with the store password setting
checked
Actual Results:
An error message pops up exposing password
Expected Results:
The error message only says that the email failed to send, and this is
presented in a *readable* format.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the Kdepim-bugs
mailing list