[SailfishDevel] Potential security issue ? DBUS leaking passwords in cleartext

Andrea Bernabei and.bernabei at gmail.com
Tue Aug 12 21:00:59 UTC 2014


Jonni, do you have more information to share?

your comment to that thread says that Jolla was already working on fixing
it during May, is there any news? :)


2014-08-12 12:33 GMT+02:00 Jonni Rainisto <jonni.rainisto at jolla.com>:

>
> https://together.jolla.com/question/37710/dbus-monitor-shows-exchange-mail-password-in-clear-text/
>
>  ------------------------------
> *From:* devel-bounces at lists.sailfishos.org [
> devel-bounces at lists.sailfishos.org] on behalf of Tone Kastlunger [
> users.giulietta at gmail.com]
> *Sent:* Tuesday, August 12, 2014 1:29 PM
> *To:* devel at lists.sailfishos.org
> *Subject:* [SailfishDevel] Potential security issue ? DBUS leaking
> passwords in cleartext
>
>    Hi all;
> it seems some (google?) DBUS sso service is leaking pw's in cleartext.
>  Please see here :
>
> signal sender=:1.1322 -> dest=(null destination) serial=13
> path=/com/google/code/AccountsSSO/SingleSignOn/AuthSession_0;
> interface=com.google.code.AccountsSSO.SingleSignOn.AuthSession;
> member=stateChanged
>    int32 8
>    string "The request is started successfully"
> method return sender=:1.1322 -> dest=:1.36 reply_serial=4633
>    array [
>       dict entry(
>          string "Secret"
>          variant             string "mypasswordincleartext"
>       )
>       dict entry(
>          string "UserName"
>          variant             string "ktone"
>       )
>    ]
>
>  I myself am not worried on the google origin, but rather on the
> cleartext password.
>  Giving it was leaking one of my working mail's password, I assume it
> could be the
> Exchangle plugin?
>  Can jolla please confirm / deny?
>
>
>  Best,
> tk
>
> _______________________________________________
> SailfishOS.org Devel mailing list
> To unsubscribe, please send a mail to
> devel-unsubscribe at lists.sailfishos.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.sailfishos.org/pipermail/devel/attachments/20140812/0a8b55aa/attachment-0001.html>


More information about the Devel mailing list