Bug 190058

Summary: akregator exposes password of password protected blogs
Product: [Applications] akregator Reporter: Mark Purcell <msp>
Component: generalAssignee: kdepim bugs <kdepim-bugs>
Status: RESOLVED UNMAINTAINED    
Severity: normal CC: niehaus
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: unspecified   
OS: Linux   
Latest Commit: Version Fixed In:

Description Mark Purcell 2009-04-19 13:06:05 UTC 
Version:           1.4.2 (using 4.2.2 (KDE 4.2.2), Debian packages)
Compiler:          cc
OS:                Linux (i686) release 2.6.29-1-686

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521298
521298@bugs.debian.org

I confirm this behavior is still present in 4.2.2.

From: Sebastian Niehaus <niehaus@web.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: akregator exposes password of password protected blogs
Date: Thu, 26 Mar 2009 16:04:33 +0100

Package: akregator
Version: 4:3.5.9-5
Severity: important

I subscribed to a password protected blog using a feed URL like this
one:

http://user:password@passwordprotected-blog.example.com/blog/index.rss



Under $HOME/.kde/share/apps/akregator/Archive/ akregator creates a
file, the name containing not only the feed URL but also the username
and password


This may expose passwords to other users of the box. 


-- System Information:
Debian Release: 5.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages akregator depends on:
ii  kdelibs4c2a      4:3.5.10.dfsg.1-0lenny1 core libraries and binaries for al
ii  libc6            2.7-18                  GNU C Library: Shared libraries
ii  libgcc1          1:4.3.2-1.1             GCC support library
ii  libkdepim1a      4:3.5.9-5               KDE PIM library
ii  libqt3-mt        3:3.3.8b-5+b1           Qt GUI Library (Threaded runtime v
ii  libstdc++6       4.3.2-1.1               The GNU Standard C++ Library v3

akregator recommends no packages.

akregator suggests no packages.

-- no debconf information
Comment 1 Denis Kurz 2016-09-24 19:42:08 UTC 
This bug has only been reported for versions before 4.14, which have been unsupported for at least two years now. Can anyone tell if this bug still present?

If noone confirms this bug for a Framework-based version of akregator (version 5.0 or later, as part of KDE Applications 15.08 or later), it gets closed in about three months.
Comment 2 Denis Kurz 2017-01-07 22:31:42 UTC 
Just as announced in my last comment, I close this bug. If you encounter it again in a recent version (at least 5.0 aka 15.08), please open a new one unless it already exists. Thank you for all your input.