https://bugs.kde.org/show_bug.cgi?id=365350
Bug ID: 365350
Summary: Exchange password visible on screen / in URL when
testing connection to calendar
Product: korganizer
Version: unspecified
Platform: Archlinux Packages
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: NOR
Component: groupware
Assignee: korganizer-de...@kde.org
Reporter: le.t...@gmail.com
When trying to test the connection of a new XO calendar (in the configuration
dialogue), the connection might fail, subsequently revealing the whole GET URL
including the cleartext password on screen. This happens when one enters a
server without https:// in front.
Reproducible: Always
Steps to Reproduce:
1. Open KOrganizer
2. Navigate to General Settings -> Calendar Tab and Add a calendar
3. Select Open-Xchange Groupware Server
4. Type in (wrong, without https://) server, user and password combination
5. Click test connection
Actual Results:
A pop-up error dialogue displaying the while GET URL, including the cleartext
password.
Expected Results:
Notification of error without revealing password in cleartext.
(Not sending password in cleartext in the first place.)
Version 5.2.2
KDE Frameworks 5.23.0
Qt 5.7.0 (compiled against 5.6.0)
--
You are receiving this mail because:
You are watching all bug changes.
