Ubuntu
kdepim package

akregator is storing online reader login/passwork in plain text

Bug #354198 reported by Miguel Tadeu
4
Affects Status Importance Assigned to Milestone
kdepim (Ubuntu)
Invalid
Wishlist
Unassigned

Bug Description

Binary package hint: kdepim

Hi there,
akregator is storing login/password information in akregator_feedsyncrc. This is quite unsafe...It should be using kwallet

Jamie Strandboge (jdstrand)
visibility: private → public
Changed in kdepim (Ubuntu):
importance: Undecided → Wishlist
status: New → Confirmed
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Unmarking as security. While it would be nice for akregator to use kwallet, the file is appropriately created 600 and not readable be other users so this does not constitute a security vulnerability.

security vulnerability: yes → no
Revision history for this message
Miguel Tadeu (mtadeunet) wrote :

being a sudoer of a machine(which can actually be any user) and being able to check on other users passwords IS a security issue....

Revision history for this message
Harald Sitter (apachelogger) wrote :

Hi there!

Thanks for reporting this bug! Your bug seems to be a problem with the KDE program itself, and not with our KDE packages. While we appreciate your issue, it would be better if it was tracked at https://bugs.kde.org, so that the KDE developers can deal with this speedily and have direct communication with you as the reporter for more effective debugging.

Thanks!

Changed in kdepim (Ubuntu):
status: Confirmed → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.