Comment 4 for bug 24220

Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Wed, 19 Oct 2005 10:42:06 +1000
From: Geoff Crompton <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: mozilla-thunderbird: SMTP down negotiation weakness

Package: mozilla-thunderbird
Version: 1.0.2-2.sarge1.0.6
Severity: grave
Justification: user security hole

Thunderbird reverts to plain authentication for SMTP, in order to
provide more compatibility for SMTP servers that don't support crypt
auth. However, no warning is given to the user, and there is no way to
override this behaviour, so it is very easy for users' passwords to be
sent in clear text.

This is in Mozilla's Bugzilla:
https://bugzilla.mozilla.org/show_bug.cgi?id=311657

It seems that at the moment upstream isn't too concerned about it. But
it sure as heck alarms me.

The researcher who discovered it has this page:
http://www.henlich.de/moz-smtp/

I first saw it mentioned on Security Focus:
http://www.securityfocus.com/bid/15106