Mailplane v 2.0.3 Build 974 allows you to log into Gmail with an incorrect password. I suspect that it is caching the password even when it has been configured not to. Or maybe it's using the cookie from an existing session in another browser?
Steps to reproduce: Mailplane, Preferences, Accounts: Uncheck "Store password in keychain" Uncheck "Automatically log in when needed" Close preferences (I do this on my work MacBook Pro because I do not want anyone to be able to log into my Gmail except me. There are occasions when other people have access to my computer and I don't want them to be able to get to my private mail.) Quit Mailplane. Open Mailplane You are challenged to log in. In the email field in the login dialog sheet, your gmail address should be filled in. Your password should be blank. Below the Email and Password fields 'store password in keychain should be blank and 'store password in keychain should be both disabled and blank. Type an incorrect password into the 'Password' field and press login Expected behavior: your incorrect password is rejected. You are invited to try again Observed behavior: your incorrect password is accepted and you are logged into Gmail. This is a serious security glitch. Can you please look at this and see where it's getting the login credentials from? Best simon --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "mailplaneapp" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/mailplaneapp?hl=en -~----------~----~----~----~------~----~------~--~---
