tag 160579 security thanks We don't just use the security tag in the bts for security holes that are limited to shell exploits. This particular problem, which by the way has been assigned CVE id CAN-2002-1647, allows interception of some user's passwords, and hijacking of their slash accounts, which can be considered a security hole. Especially if a user is unwise enough to reuse that password elsewhere.
Anyway, upstream does *not* consider the lack of redirect a feature. Upstream was changed years ago to always redirect to a url that does not contain the password, even if the password is incorrect, and the Debian package should be updated. See http://marc.theaimsgroup.com/?l=bugtraq&m=103238514720237&w=2 -- see shy jo
signature.asc
Description: Digital signature

