[SailfishDevel] Potential security issue ? DBUS leaking passwords in cleartext
jonni.rainisto at jolla.com
Tue Aug 12 10:33:56 UTC 2014
From: devel-bounces at lists.sailfishos.org [devel-bounces at lists.sailfishos.org] on behalf of Tone Kastlunger [users.giulietta at gmail.com]
Sent: Tuesday, August 12, 2014 1:29 PM
To: devel at lists.sailfishos.org
Subject: [SailfishDevel] Potential security issue ? DBUS leaking passwords in cleartext
it seems some (google?) DBUS sso service is leaking pw's in cleartext.
Please see here :
signal sender=:1.1322 -> dest=(null destination) serial=13 path=/com/google/code/AccountsSSO/SingleSignOn/AuthSession_0; interface=com.google.code.AccountsSSO.SingleSignOn.AuthSession; member=stateChanged
string "The request is started successfully"
method return sender=:1.1322 -> dest=:1.36 reply_serial=4633
variant string "mypasswordincleartext"
variant string "ktone"
I myself am not worried on the google origin, but rather on the cleartext password.
Giving it was leaking one of my working mail's password, I assume it could be the
Can jolla please confirm / deny?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Devel