I accidentally put my smtp server in the format "firstname.lastname@example.org" instead of "server.smtp.de" and when trying to send an email a notification pops up exposing my password in plain text. The notification titled "E-mail Sending Failed" starts "Failed to transport message. smtp://<account name>:<password>@:<port>..." I have checked the setting to store SMTP password.
This obviously presents a significant security concern.
Steps to Reproduce:
1. Enter wrong smtp server (perhaps in a particular format as described above?) in settings
2. Send an email from that server/account, with the store password setting checked
An error message pops up exposing password
The error message only says that the email failed to send, and this is presented in a *readable* format.
I will look at soon.
I don't know where is the problem but I will fix it soon.
I investigated it yesterday but didn't find yet which part of code send it.
The same error message, I noticed, is also displayed at the top of KMail's preview pane, if that helps.
I know but it doesn't inform me which code send this information
it's not kioslave smtp so I don't know for the moment
I continue to investigate.
This bug has never been confirmed for a KDE PIM version that is based on KDE Frameworks (5.x). Those versions differ significantly from the old 4.x series. Therefore, I plan to close it in around two or three months. In the meantime, it is set to WAITINGFORINFO to give reporters the oportunity to check if it is still valid. As soon as someone confirms it for a recent version (at least 5.1, ideally even more recent), I'll gladly reopen it.
Please understand that we lack the manpower to triage bugs reported for versions almost two years beyond their end of life.
Just as announced in my last comment, I close this bug. If you encounter it again in a recent version (at least 5.1 aka 15.12, preferably more recent), please open a new one unless it already exists. Thank you for all your input.