[Users] [Bug 3099] when used in URI, (https://USERNAME:MYPASSWORD at mailserver/home/USERNAME/Calendar), password stored in plain text
noreply at thewildbeast.co.uk
noreply at thewildbeast.co.uk
Thu Mar 13 16:23:07 CET 2014
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3099
--- Comment #28 from Tomas Radej <tradej at redhat.com> ---
I wasn't going to comment further on the matter, but I have to.
<rant>
While the CVE might indeed be an overkill, I do not agree with this being a
hack. You may very well claim that you don't support this feature of the HTTP
protocol, but I say that every program that can query a HTTP URL can by
definition support HTTP authentication. If you don't agree with this
interpretation, fine. Let me just point out that even the bloody Internet
Explorer 5 stripped the credentials off the entry in History.
</rant>
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the Users
mailing list