https://together.jolla.com/question/37710/dbus-monitor-shows-exchange-mail-password-in-clear-text/
________________________________
From: devel-boun...@lists.sailfishos.org [devel-boun...@lists.sailfishos.org]
on behalf of Tone Kastlunger [users.giulie...@gmail.com]
Sent: Tuesday, August 12, 2014 1:29 PM
To: devel@lists.sailfishos.org
Subject: [SailfishDevel] Potential security issue ? DBUS leaking passwords in
cleartext
Hi all;
it seems some (google?) DBUS sso service is leaking pw's in cleartext.
Please see here :
signal sender=:1.1322 -> dest=(null destination) serial=13
path=/com/google/code/AccountsSSO/SingleSignOn/AuthSession_0;
interface=com.google.code.AccountsSSO.SingleSignOn.AuthSession;
member=stateChanged
int32 8
string "The request is started successfully"
method return sender=:1.1322 -> dest=:1.36 reply_serial=4633
array [
dict entry(
string "Secret"
variant string "mypasswordincleartext"
)
dict entry(
string "UserName"
variant string "ktone"
)
]
I myself am not worried on the google origin, but rather on the cleartext
password.
Giving it was leaking one of my working mail's password, I assume it could be
the
Exchangle plugin?
Can jolla please confirm / deny?
Best,
tk
_______________________________________________
SailfishOS.org Devel mailing list
To unsubscribe, please send a mail to devel-unsubscr...@lists.sailfishos.org
