Mumble stores passwords in plain text in a globally readable sqlite DB
Bug #783405 reported by
Tom Haddon
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
mumble (Debian) |
Fix Released
|
Unknown
|
|||
mumble (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Lucid |
Fix Released
|
Medium
|
Unassigned | ||
Maverick |
Fix Released
|
Medium
|
Unassigned | ||
Natty |
Fix Released
|
Medium
|
Unassigned | ||
Oneiric |
Fix Released
|
Medium
|
Unassigned | ||
Precise |
Fix Released
|
Medium
|
Unassigned |
Bug Description
Binary package hint: mumble
If you run:
sqlite3 ~/.local/
And then:
SELECT * FROM servers;
You'll see your password in plain text. This file is globally readable by default.
ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: mumble 1.2.3-1ubuntu6
ProcVersionSign
Uname: Linux 2.6.38-8-generic i686
Architecture: i386
Date: Mon May 16 11:18:59 2011
ProcEnviron:
LANGUAGE=en_GB:en
PATH=(custom, user)
LANG=en_GB.UTF-8
SHELL=/bin/bash
SourcePackage: mumble
UpgradeStatus: Upgraded to natty on 2011-04-12 (33 days ago)
visibility: | private → public |
Changed in mumble (Ubuntu): | |
status: | New → Confirmed |
importance: | Undecided → Medium |
Changed in mumble (Ubuntu Lucid): | |
status: | New → Confirmed |
Changed in mumble (Ubuntu Maverick): | |
status: | New → Confirmed |
Changed in mumble (Ubuntu Natty): | |
status: | New → Confirmed |
Changed in mumble (Ubuntu Oneiric): | |
status: | New → Confirmed |
Changed in mumble (Ubuntu Lucid): | |
importance: | Undecided → Medium |
Changed in mumble (Ubuntu Oneiric): | |
importance: | Undecided → Medium |
Changed in mumble (Ubuntu Natty): | |
importance: | Undecided → Medium |
Changed in mumble (Ubuntu Maverick): | |
importance: | Undecided → Medium |
Changed in mumble (Debian): | |
status: | Unknown → New |
Changed in mumble (Debian): | |
status: | New → Fix Released |
To post a comment you must log in.
https:/ /github. com/mumble- voip/mumble/ commit/ 5632c35d6759f5e 13a7dfe78e4ee64 03ff6a8e3e