467034 – libksieve/src/kmanagesieve/session.cpp assigns password to username & gets logged

Bug 467034 - libksieve/src/kmanagesieve/session.cpp assigns password to username & gets logged

Summary: libksieve/src/kmanagesieve/session.cpp assigns password to username & gets lo...

Status:	RESOLVED FIXED

Alias:	None

Product:	sieveeditor
Classification:	Applications
Component:	general (show other bugs)
Version:	unspecified
Platform:	openSUSE Linux

Importance:	NOR critical
Target Milestone:	---
Assignee:	Laurent Montel

URL:
Keywords:

Depends on:
Blocks:

Reported:	2023-03-07 23:02 UTC by bib
Modified:	2023-03-08 05:52 UTC (History)
CC List:	0 users

See Also:
Latest Commit:	https://invent.kde.org/pim/libksieve/commit/6b460ba93ac4ac503ba039d0b788ac7595120db1
Version Fixed In:	5.23.0
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description bib 2023-03-07 23:02:24 UTC

SUMMARY
***
I've raised this as critical as a library logs passwords.
in libksieve/src/kmanagesieve/session.cpp, password is entered against username
***

In the above file at line 276, the following is entered:
  ad.username = dlg->password();

I am pretty sure that it should be:
  ad.username = dlg->username();

This has been the case since file creation in 2015.

Comment 1 Laurent Montel 2023-03-08 05:52:58 UTC

Git commit 6b460ba93ac4ac503ba039d0b788ac7595120db1 by Laurent Montel.
Committed on 08/03/2023 at 05:51.
Pushed by mlaurent into branch 'master'.

Fix 467034: libksieve/src/kmanagesieve/session.cpp assigns password to username & gets logged(

Bug investigate by "bib" thanks
Related: bug 437858
FIXED-IN: 5.23.0

M  +1    -1    src/kmanagesieve/session.cpp

https://invent.kde.org/pim/libksieve/commit/6b460ba93ac4ac503ba039d0b788ac7595120db1