[SailfishDevel] Potential security issue ? DBUS leaking passwords in cleartext

Giuliettasw users.giulietta at gmail.com
Wed Aug 13 04:26:33 UTC 2014


I join Andrea; Jonni can we have more details? Thanks!

Best,
tk

Von meinem iPad gesendet

> Am 13.8.2014 um 0.00 schrieb Andrea Bernabei <and.bernabei at gmail.com>:
> 
> Jonni, do you have more information to share?
> 
> your comment to that thread says that Jolla was already working on fixing it during May, is there any news? :)
> 
> 
> 2014-08-12 12:33 GMT+02:00 Jonni Rainisto <jonni.rainisto at jolla.com>:
>> https://together.jolla.com/question/37710/dbus-monitor-shows-exchange-mail-password-in-clear-text/
>> 
>> From: devel-bounces at lists.sailfishos.org [devel-bounces at lists.sailfishos.org] on behalf of Tone Kastlunger [users.giulietta at gmail.com]
>> Sent: Tuesday, August 12, 2014 1:29 PM
>> To: devel at lists.sailfishos.org
>> Subject: [SailfishDevel] Potential security issue ? DBUS leaking passwords in cleartext
>> 
>> Hi all;
>> it seems some (google?) DBUS sso service is leaking pw's in cleartext.
>> Please see here : 
>> 
>> signal sender=:1.1322 -> dest=(null destination) serial=13 path=/com/google/code/AccountsSSO/SingleSignOn/AuthSession_0; interface=com.google.code.AccountsSSO.SingleSignOn.AuthSession; member=stateChanged
>>    int32 8
>>    string "The request is started successfully"
>> method return sender=:1.1322 -> dest=:1.36 reply_serial=4633
>>    array [
>>       dict entry(
>>          string "Secret"
>>          variant             string "mypasswordincleartext"
>>       )
>>       dict entry(
>>          string "UserName"
>>          variant             string "ktone"
>>       )
>>    ]
>> 
>> I myself am not worried on the google origin, but rather on the cleartext password.
>> Giving it was leaking one of my working mail's password, I assume it could be the 
>> Exchangle plugin?
>> Can jolla please confirm / deny?
>> 
>> 
>> Best,
>> tk
>> 
>> _______________________________________________
>> SailfishOS.org Devel mailing list
>> To unsubscribe, please send a mail to devel-unsubscribe at lists.sailfishos.org
> 
> _______________________________________________
> SailfishOS.org Devel mailing list
> To unsubscribe, please send a mail to devel-unsubscribe at lists.sailfishos.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.sailfishos.org/pipermail/devel/attachments/20140813/414b2f3b/attachment.html>


More information about the Devel mailing list