[Bug 202576] [NEW] IM Account password unencrypted on gconf-editor
Launchpad Bug Tracker
202576 at bugs.launchpad.net
Mon Apr 28 11:52:04 UTC 2008
*** This bug is a security vulnerability ***
You have been subscribed to a public security bug:
Binary package hint: telepathy-core
On up-to-date hardy amd64:
If you register an account on empathy, the password is saved via gconf. Thus, if you open gconf-editor and browse to /apps/telepathy/mc/<protocol>/ and see the field "param-password", you can see your registered password in plain text, unencrypted!
This should REALLY be encrypted! Otherwise anyone with access to your gconf registry can get your gmail or hotmail passwords!
I tested with gtalk, jabber, msn and sip protocols. All of them have this issue.
** Affects: telepathy-mission-control (Ubuntu)
Importance: Wishlist
Status: Confirmed
--
IM Account password unencrypted on gconf-editor
https://bugs.edge.launchpad.net/bugs/202576
You received this bug notification because you are a member of Telepathy, which is subscribed to telepathy-mission-control in ubuntu.
More information about the Ubuntu-telepathy
mailing list