[SailfishDevel] Potential security issue ? DBUS leaking passwords in cleartext

Tone Kastlunger users.giulietta at gmail.com
Tue Aug 12 10:29:34 UTC 2014


Hi all;
it seems some (google?) DBUS sso service is leaking pw's in cleartext.
Please see here :

signal sender=:1.1322 -> dest=(null destination) serial=13
path=/com/google/code/AccountsSSO/SingleSignOn/AuthSession_0;
interface=com.google.code.AccountsSSO.SingleSignOn.AuthSession;
member=stateChanged
   int32 8
   string "The request is started successfully"
method return sender=:1.1322 -> dest=:1.36 reply_serial=4633
   array [
      dict entry(
         string "Secret"
         variant             string "mypasswordincleartext"
      )
      dict entry(
         string "UserName"
         variant             string "ktone"
      )
   ]

I myself am not worried on the google origin, but rather on the cleartext
password.
Giving it was leaking one of my working mail's password, I assume it could
be the
Exchangle plugin?
Can jolla please confirm / deny?


Best,
tk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.sailfishos.org/pipermail/devel/attachments/20140812/44d96f67/attachment.html>


More information about the Devel mailing list