| Bug ID | 1209050 |
|---|---|
| Summary | libksieve/src/kmanagesieve/session.cpp assigns password to username & gets logged |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 15.4 |
| Hardware | Other |
| OS | Other |
| Status | NEW |
| Severity | Normal |
| Priority | P5 - None |
| Component | KDE Applications |
| Assignee | opensuse-kde-bugs@opensuse.org |
| Reporter | opensuse@1.opensuse.bgcomp.co.uk |
| QA Contact | qa-bugs@suse.de |
| Found By | --- |
| Blocker | --- |
I raised a bug with KDE which has now been fixed, https://invent.kde.org/pim/libksieve/-/commit/6b460ba93ac4ac503ba039d0b788ac7595120db1. This applies the password to the username which will then fail login. When this happens, the contents of the username, now the actual password is logged. This is a security risk. As this is unlikely to be pushed before the next release, can you please ensure that your own code includes it.