[Evolution] Bug#358507: saved passwords are world-readable

Christian Surchi csurchi at debian.org
Thu Mar 23 00:14:30 UTC 2006


On Thu, 23/03/2006 at 10:18 +1100, Drew Parsons wrote:
> Package: evolution
> Version: 2.4.2.1-1
> Severity: critical
> 
> evolution offers you the option of saving passwords to mail servers so you
> don't have to type them in each time.  They get saved to
> ~/.gnome2_private/Evolution.
> 
> The permissions of this file are -rw-r--r--. This means anyone on the same
> machine can read your passwords, correct?
> 
> Marking as "critical" since this is surely a security hole.

In a directory not accessible by any other user?

drwx------  2 christian christian   4096 2006-02-16 01:27 .gnome2_private

bye
Christian
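
The point made in the reply above, as an added example that is not part of the original thread or of Evolution: a file's "other" read bit only matters if every directory leading to it also grants "other" search (execute) permission. The function names and the temporary layout are assumptions made for illustration; the check looks at mode bits only and does not cover ACLs, hard links to the file from elsewhere, or copies in backups.

```python
import os
import stat
import tempfile


def blocking_ancestor(path, root="/"):
    """First directory from root down to path's parent that lacks the
    other-search (o+x) bit, or None if all of them can be traversed."""
    path, root = os.path.realpath(path), os.path.realpath(root)
    rel = os.path.relpath(os.path.dirname(path), root)
    if rel.startswith(os.pardir):
        raise ValueError("path is not located under root")
    current = root
    for part in [None] + ([] if rel == "." else rel.split(os.sep)):
        if part is not None:
            current = os.path.join(current, part)
        if not os.stat(current).st_mode & stat.S_IXOTH:
            return current
    return None


def world_can_read(path, root="/"):
    """True only if the file has o+r AND no ancestor directory blocks access."""
    readable = bool(os.stat(path).st_mode & stat.S_IROTH)
    return readable and blocking_ancestor(path, root) is None


def demo():
    # Constructed layout mirroring the thread: 0700 directory, 0644 file.
    with tempfile.TemporaryDirectory() as base:
        os.chmod(base, 0o755)
        private = os.path.join(base, ".gnome2_private")
        os.mkdir(private)
        os.chmod(private, 0o700)
        secret = os.path.join(private, "Evolution")
        with open(secret, "w") as fh:
            fh.write("constructed sample, not a real password\n")
        os.chmod(secret, 0o644)
        protected = world_can_read(secret, base)   # directory blocks access
        os.chmod(private, 0o755)                   # e.g. after a careless chmod -R
        exposed = world_can_read(secret, base)     # file mode is now the only barrier
        return protected, exposed


if __name__ == "__main__":
    print(demo())
```

The second result shows why the 0644 file mode is still worth tightening: the directory is the only thing keeping the file private.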






More information about the Pkg-evolution-maintainers mailing list