[SailfishDevel] Potential security issue ? DBUS leaking passwords in cleartext
Giuliettasw
users.giulietta at gmail.com
Wed Aug 13 04:26:33 UTC 2014
I join Andrea; Jonni can we have more details? Thanks!
Best,
tk
Von meinem iPad gesendet
> Am 13.8.2014 um 0.00 schrieb Andrea Bernabei <and.bernabei at gmail.com>:
>
> Jonni, do you have more information to share?
>
> your comment to that thread says that Jolla was already working on fixing it during May, is there any news? :)
>
>
> 2014-08-12 12:33 GMT+02:00 Jonni Rainisto <jonni.rainisto at jolla.com>:
>> https://together.jolla.com/question/37710/dbus-monitor-shows-exchange-mail-password-in-clear-text/
>>
>> From: devel-bounces at lists.sailfishos.org [devel-bounces at lists.sailfishos.org] on behalf of Tone Kastlunger [users.giulietta at gmail.com]
>> Sent: Tuesday, August 12, 2014 1:29 PM
>> To: devel at lists.sailfishos.org
>> Subject: [SailfishDevel] Potential security issue ? DBUS leaking passwords in cleartext
>>
>> Hi all;
>> it seems some (google?) DBUS sso service is leaking pw's in cleartext.
>> Please see here :
>>
>> signal sender=:1.1322 -> dest=(null destination) serial=13 path=/com/google/code/AccountsSSO/SingleSignOn/AuthSession_0; interface=com.google.code.AccountsSSO.SingleSignOn.AuthSession; member=stateChanged
>> int32 8
>> string "The request is started successfully"
>> method return sender=:1.1322 -> dest=:1.36 reply_serial=4633
>> array [
>> dict entry(
>> string "Secret"
>> variant string "mypasswordincleartext"
>> )
>> dict entry(
>> string "UserName"
>> variant string "ktone"
>> )
>> ]
>>
>> I myself am not worried on the google origin, but rather on the cleartext password.
>> Giving it was leaking one of my working mail's password, I assume it could be the
>> Exchangle plugin?
>> Can jolla please confirm / deny?
>>
>>
>> Best,
>> tk
>>
>> _______________________________________________
>> SailfishOS.org Devel mailing list
>> To unsubscribe, please send a mail to devel-unsubscribe at lists.sailfishos.org
>
> _______________________________________________
> SailfishOS.org Devel mailing list
> To unsubscribe, please send a mail to devel-unsubscribe at lists.sailfishos.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.sailfishos.org/pipermail/devel/attachments/20140813/414b2f3b/attachment.html>
More information about the Devel
mailing list