Display password in cleartext
Bug #113864 reported by
Alessandro Tanasi
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sbackup (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: sbackup
A good feature is don't display password in text but fill of ****
To post a comment you must log in.
This is a significant security issue: when the target directory is on a remote site via ssh, not only is the remote password stored in plain text in the config file (maybe that's okay), it is emailed (to root, which is then under standard ubuntu installation forwarded on to some major user) upon every successful backup. This email could be forwarded on to someone's non-local email address, or seen by other users, etc --- not conventionally accceptable!
this should be an easy fix: replace the password with **** in all email notifications.