[Evolution] Bug#358507: saved passwords are world-readable

Christian Surchi csurchi at debian.org
Thu Mar 23 00:14:30 UTC 2006

Il giorno gio, 23/03/2006 alle 10.18 +1100, Drew Parsons ha scritto:
> Package: evolution
> Version:
> Severity: critical
> evolution offers you the option of saving passwords to mail servers so you
> don't have to type them in each time.  They get saved to
> ~/.gnome2_private/Evolution.
> The permissions of this file are -rw-r--r--. This means anyone on the same
> machine can read your passwords, correct?
> Marking as "critical" since this is surely a security hole.

In a directory not accessible by any other user?

drwx------  2 christian christian   4096 2006-02-16 01:27 .gnome2_private


More information about the Pkg-evolution-maintainers mailing list