Bug 287116

Summary: Records passwords and posts them to bug center for all the world to see.
Product: [Applications] drkonqi Reporter: Harry Skelton <skelton.harry>
Component: backtraceparsing Assignee: George Kiagiadakis <mail>
Status: RESOLVED NOT A BUG    
Severity: major CC: andresbajotierra, cfeck, sitter, uetsah
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Ubuntu   
OS: Linux   

Description Harry Skelton 2011-11-20 23:16:49 UTC
Version:           unspecified (using KDE 4.7.3) 
OS:                Linux

The backtrace records texts with mail clients where passwords are associated and are posted to the bug report list.  Need edit feature to look for patterns that equal passwords or other secure information and XXXXX it out.

Reproducible: Didn't try

Steps to Reproduce:
Crash your system while in Thunderbird

Actual Results:  
See my recent crash report under Plasma

Expected Results:  
Found out after the fact.  Had to change my password because of this.

Very poor security.  I'll never report another crash again because of this.
Comment 1 Christoph Feck 2011-11-21 10:33:59 UTC
How do you think it should detect passwords?
Comment 2 Harry Skelton 2011-11-21 12:13:17 UTC
Store a list of keyword items in a secure file that the bug system will edit from the information sent to the bug center.  To "X" out the information, or to use some other pattern or word.
Comment 3 Jekyll Wu 2013-09-15 02:56:06 UTC
*** Bug 222688 has been marked as a duplicate of this bug. ***
Comment 4 Andrew Crouthamel 2018-11-10 03:22:34 UTC
Dear Bug Submitter,

This bug has been stagnant for a long time. Could you help us out and re-test if the bug is valid in the latest version? I am setting the status to NEEDSINFO pending your response, please change the Status back to REPORTED when you respond.

Thank you for helping us make KDE software even better for everyone!
Comment 5 Andrew Crouthamel 2018-11-21 04:37:45 UTC
Dear Bug Submitter,

This is a reminder that this bug has been stagnant for a long time. Could you help us out and re-test if the bug is valid in the latest version? This bug will be moved back to REPORTED Status for manual review later, which may take a while. If you are able to, please lend us a hand.

Thank you for helping us make KDE software even better for everyone!
Comment 6 Harald Sitter 2019-12-14 14:46:30 UTC
This isn't really solvable. Even the best attempts would not cover all cases so there's always a chance secrets are leaked unfortunately. This would likely be less of a problem if we didn't track crashes in the bug tracker, but even changing that is unfortunately a fairly involved change.
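
Added example, not part of the thread and not DrKonqi code: a Python version of the secret-list redaction proposed in Comment 2, run over a constructed gdb-style trace, including one case of the kind Comment 6 describes where the filter misses. The password, the trace lines and all function names are made up for illustration.

```python
import base64
from urllib.parse import quote

MASK = "XXXXX"

def variants(secret):
    """The secret as typed plus two encodings it commonly takes in memory."""
    return {
        secret,
        quote(secret, safe=""),                      # percent-encoded (HTTP forms)
        base64.b64encode(secret.encode()).decode(),  # base64 of the secret alone
    }

def redact(backtrace, secrets):
    """Mask every known variant of every listed secret, longest form first."""
    forms = sorted({v for s in secrets if s for v in variants(s)},
                   key=len, reverse=True)
    for form in forms:
        backtrace = backtrace.replace(form, MASK)
    return backtrace

# Constructed sample data: a made-up password and a made-up gdb-style trace.
SECRET = "s3cr3t/Pa55"
# SASL PLAIN encodes "\0user\0password" as one base64 blob.
AUTH_PLAIN = base64.b64encode(b"\0harry\0" + SECRET.encode()).decode()
SAMPLE = "\n".join([
    '#0  raise () from /lib/libc.so.6',
    f'#1  smtp_login (user="harry", pass="{SECRET}") at smtp.c:88',
    f'#2  http_post (body="pw={quote(SECRET, safe="")}") at http.c:41',
    f'#3  send_line (buf="AUTH PLAIN {AUTH_PLAIN}") at smtp.c:120',
])

if __name__ == "__main__":
    print(redact(SAMPLE, [SECRET]))
```

Frames #1 and #2 come out masked; the `AUTH PLAIN` blob in frame #3 survives because the password is base64-encoded together with the user name, so none of the listed forms matches it.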