[Users] [Bug 3099] Username and password stored in plain text
noreply at thewildbeast.co.uk
noreply at thewildbeast.co.uk
Mon Mar 10 11:37:56 CET 2014
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3099
--- Comment #2 from Tomas Radej <tradej at redhat.com> ---
What about any process, running with the current user ID, being able to access
each and every file in the .claws-mail folder? Simple grep -R reveals numerous
occurrences of the password in files in that folder.
Futhermore - by default, .claws-mail, and everything in it, is readable to
anyone on the computer.
This indeed is a major security flaw, not an enhancement. Please, treat is as
such.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the Users
mailing list