SUMMARY Login PLAIN over SSL appears to have stopped working in Version 5.17.0 (21.04.0) Mail log file indicates that Ksieve Editor is sending password as username? ex: managesieve-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<MYPASSWORD>, method=PLAIN,.... "MYPASSWORD" is my password entered in the "password" field in the login dialog window. STEPS TO REPRODUCE 1. open ksieve editor 2. connect to entry in list 3. enter info in prompt for user/password OBSERVED RESULT login failed (mail log file shows password entered as username) EXPECTED RESULT login success SOFTWARE/OS VERSIONS Windows: NO macOS: NO Linux/KDE Plasma: NO FreeBSD 13.0: YES (available in About System) KDE Plasma Version: Version 5.17.0 (21.04.0) KDE Frameworks Version: Version 5.17.0 (21.04.0) Qt Version: Version 5.17.0 (21.04.0) ADDITIONAL INFORMATION
Having the same issue after upgrading to Debian bookworm. 5.23.2/21.08.1. Logs indeed show it is sending the password as username, exposing it to server's logfiles plainly.
I could work around by downgrading to a version prior to the one reported down below.
*Downgrading libksieve to 21.03.80-1.
FWIW, there is an error in libksieve/src/kmanagesieve/session.cpp at line 276 where it applies the password to the username. I've raised a new bug, id: 467034, with the details. Hopefully it will get fixed.
Git commit 6b460ba93ac4ac503ba039d0b788ac7595120db1 by Laurent Montel. Committed on 08/03/2023 at 05:51. Pushed by mlaurent into branch 'master'. Fix 467034: libksieve/src/kmanagesieve/session.cpp assigns password to username & gets logged( Bug investigate by "bib" thanks Related: bug 467034 FIXED-IN: 5.23.0 M +1 -1 src/kmanagesieve/session.cpp https://invent.kde.org/pim/libksieve/commit/6b460ba93ac4ac503ba039d0b788ac7595120db1