Bug 467034

Summary: libksieve/src/kmanagesieve/session.cpp assigns password to username & gets logged
Product: [Applications] sieveeditor Reporter: bib <kde>
Component: generalAssignee: Laurent Montel <montel>
Status: RESOLVED FIXED    
Severity: critical    
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: openSUSE   
OS: Linux   
Latest Commit: https://invent.kde.org/pim/libksieve/commit/6b460ba93ac4ac503ba039d0b788ac7595120db1 Version Fixed/Implemented In: 5.23.0
Sentry Crash Report:

Description bib 2023-03-07 23:02:24 UTC 
SUMMARY
***
I've raised this as critical as a library logs passwords.
in libksieve/src/kmanagesieve/session.cpp, password is entered against username
***

In the above file at line 276, the following is entered:
  ad.username = dlg->password();

I am pretty sure that it should be:
  ad.username = dlg->username();

This has been the case since file creation in 2015.
Comment 1 Laurent Montel 2023-03-08 05:52:58 UTC 
Git commit 6b460ba93ac4ac503ba039d0b788ac7595120db1 by Laurent Montel.
Committed on 08/03/2023 at 05:51.
Pushed by mlaurent into branch 'master'.

Fix 467034: libksieve/src/kmanagesieve/session.cpp assigns password to username & gets logged(

Bug investigate by "bib" thanks
Related: bug 437858
FIXED-IN: 5.23.0

M  +1    -1    src/kmanagesieve/session.cpp

https://invent.kde.org/pim/libksieve/commit/6b460ba93ac4ac503ba039d0b788ac7595120db1