https://bugzilla.novell.com/show_bug.cgi?id=645835

https://bugzilla.novell.com/show_bug.cgi?id=645835#c0

Summary: obs stores the user's password in the session leaking it to the database and sending it via mail
Classification: openSUSE
Product: openSUSE.org
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: Major
Priority: P5 - None
Component: BuildService
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: winter@pre-sense.de
QAContact: adrian@novell.com
Found By: ---
Blocker: ---

User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.13) Gecko/20100916 Iceweasel/3.5.13 (like Firefox/3.5.13)

OBS stores the user's password unencrypted in the session store, leaking the password into the database. Even worse, the password is sent to all the people listed in exception_recipients via mail.

Reproducible: Always

Steps to Reproduce:
1.
2.
3.
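
An added example, not OBS code and not part of the original report: a scrubber that keeps credential-like session entries out of text derived from the session, such as a stored session row or an exception mail body. The key pattern, the names `scrub` and `exception_mail_section`, and the sample session are assumptions made for illustration.

```ruby
# Added example: keep credentials out of anything derived from the session.
# SENSITIVE_KEY, scrub and exception_mail_section are hypothetical names,
# not OBS code; the sample session below is constructed.
require 'json'

SENSITIVE_KEY = /pass(word|wd)?|secret|token|credential/i
REDACTED = '[FILTERED]'

# Return [clean_copy, leaked_paths] without mutating the input.
def scrub(value, path = [], leaks = [])
  case value
  when Hash
    clean = value.each_with_object({}) do |(k, v), out|
      here = path + [k.to_s]
      if k.to_s =~ SENSITIVE_KEY
        leaks << here.join('.')      # record where the credential sat
        out[k] = REDACTED
      else
        out[k] = scrub(v, here, leaks).first
      end
    end
    [clean, leaks]
  when Array
    [value.each_with_index.map { |v, i| scrub(v, path + [i.to_s], leaks).first }, leaks]
  else
    [value, leaks]
  end
end

# Text that would go into a session dump or an exception mail body.
def exception_mail_section(session)
  clean, leaks = scrub(session)
  body = "Session:\n" + JSON.pretty_generate(clean)
  body += "\nRedacted keys: #{leaks.join(', ')}" unless leaks.empty?
  body
end

# Constructed sample session resembling the pattern in the report.
SAMPLE_SESSION = {
  'login' => 'alice',
  :password => 'hunter2',
  'proxy' => { 'api_passwd' => 's3cret', 'host' => 'api.example.org' },
  'history' => [{ 'auth_token' => 'abc123' }, 'index']
}.freeze

puts exception_mail_section(SAMPLE_SESSION) if __FILE__ == $PROGRAM_NAME
```

Scrubbing is a second line of defence; the underlying fix for the reported behaviour is to not place the password in the session at all.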