https://bugs.kde.org/show_bug.cgi?id=344474
Bug ID: 344474
Summary: Kmail exposes password through notification if smtp
server not accessible
Product: kmail2
Version: 4.14.1
Platform: Ubuntu Packages
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: NOR
Component: general
Assignee: [email protected]
Reporter: [email protected]
I accidentally put my smtp server in the format "[email protected]" instead of
"server.smtp.de" and when trying to send an email a notification pops up
exposing my password in plain text. The notification titled "E-mail Sending
Failed" starts "Failed to transport message. smtp://<account
name>:<password>@:<port>..." I have checked the setting to store SMTP password.
This obviously presents a significant security concern.
Reproducible: Always
Steps to Reproduce:
1. Enter wrong smtp server (perhaps in a particular format as described above?)
in settings
2. Send an email from that server/account, with the store password setting
checked
Actual Results:
An error message pops up exposing password
Expected Results:
The error message only says that the email failed to send, and this is
presented in a *readable* format.
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
Kdepim-bugs mailing list
[email protected]
https://mail.kde.org/mailman/listinfo/kdepim-bugs
