[Users] [Bug 3099] Username and password stored in plain text

noreply at thewildbeast.co.uk noreply at thewildbeast.co.uk
Mon Mar 10 11:37:56 CET 2014


--- Comment #2 from Tomas Radej <tradej at redhat.com> ---
What about any process, running with the current user ID, being able to access
each and every file in the .claws-mail folder? Simple grep -R reveals numerous
occurrences of the password in files in that folder.

Futhermore - by default, .claws-mail, and everything in it, is readable to
anyone on the computer.

This indeed is a major security flaw, not an enhancement. Please, treat is as

You are receiving this mail because:
You are the assignee for the bug.

More information about the Users mailing list