190058 – akregator exposes password of password protected blogs

Bug 190058 - akregator exposes password of password protected blogs

Summary: akregator exposes password of password protected blogs

Status:	RESOLVED UNMAINTAINED

Alias:	None

Product:	akregator
Classification:	Applications
Component:	general (show other bugs)
Version:	unspecified
Platform:	unspecified Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	kdepim bugs

URL:
Keywords:

Depends on:
Blocks:

Reported:	2009-04-19 13:06 UTC by Mark Purcell
Modified:	2017-01-07 22:31 UTC (History)
CC List:	1 user (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Mark Purcell 2009-04-19 13:06:05 UTC

Version:           1.4.2 (using 4.2.2 (KDE 4.2.2), Debian packages)
Compiler:          cc
OS:                Linux (i686) release 2.6.29-1-686

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521298
521298@bugs.debian.org

I confirm this behavior is still present in 4.2.2.

From: Sebastian Niehaus <niehaus@web.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: akregator exposes password of password protected blogs
Date: Thu, 26 Mar 2009 16:04:33 +0100

Package: akregator
Version: 4:3.5.9-5
Severity: important

I subscribed to a password protected blog using a feed URL like this
one:

http://user:password@passwordprotected-blog.example.com/blog/index.rss



Under $HOME/.kde/share/apps/akregator/Archive/ akregator creates a
file, the name containing not only the feed URL but also the username
and password


This may expose passwords to other users of the box. 


-- System Information:
Debian Release: 5.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages akregator depends on:
ii  kdelibs4c2a      4:3.5.10.dfsg.1-0lenny1 core libraries and binaries for al
ii  libc6            2.7-18                  GNU C Library: Shared libraries
ii  libgcc1          1:4.3.2-1.1             GCC support library
ii  libkdepim1a      4:3.5.9-5               KDE PIM library
ii  libqt3-mt        3:3.3.8b-5+b1           Qt GUI Library (Threaded runtime v
ii  libstdc++6       4.3.2-1.1               The GNU Standard C++ Library v3

akregator recommends no packages.

akregator suggests no packages.

-- no debconf information

Comment 1 Denis Kurz 2016-09-24 19:42:08 UTC

This bug has only been reported for versions before 4.14, which have been unsupported for at least two years now. Can anyone tell if this bug still present?

If noone confirms this bug for a Framework-based version of akregator (version 5.0 or later, as part of KDE Applications 15.08 or later), it gets closed in about three months.

Comment 2 Denis Kurz 2017-01-07 22:31:42 UTC

Just as announced in my last comment, I close this bug. If you encounter it again in a recent version (at least 5.0 aka 15.08), please open a new one unless it already exists. Thank you for all your input.