We have moved to a new Sailfish OS Forum. Please start new discussions there.

dbus-monitor shows exchange mail password in clear text [released]

Tracked by Jolla (In progress)

asked 2014-04-04 17:05:05 +0300

Xiph gravatar image

updated 2014-08-13 10:25:01 +0300

jiit gravatar image

I was fiddling with the dbus-monitor and noticed the password for my exchange mail flicker by on the screen. It seems like this could be a huge security hole since any app monitoring the dbus could get access to my exchange mail. Here is a draft of what I saw.

method call sender=:1.95 -> dest=org.freedesktop.DBus serial=31 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=GetConnectionUnixProcessID
       string ":1.20"
    signal sender=:1.95 -> dest=(null destination) serial=32 path=/com/google/code/AccountsSSO/SingleSignOn/AuthSession_2; interface=com.google.code.AccountsSSO.SingleSignOn.AuthSession; member=stateChanged
       int32 8
       string "The request is started successfully"
    method return sender=:1.95 -> dest=:1.20 reply_serial=233
       array [
          dict entry(
             string "Secret"
             variant             string "mypassword"
          dict entry(
             string "UserName"
             variant             string "myemail@something.com"
edit retag flag offensive reopen delete

The question has been closed for the following reason "released in a software update" by VDVsx
close date 2015-05-06 09:54:59.995004

1 Answer

Sort by » oldest newest most voted

answered 2014-05-12 14:22:51 +0300

rainisto gravatar image

Thanks for the report. This is known and we are working on it.

edit flag offensive delete publish link more



any news on that?

nightmare ( 2014-11-07 22:11:29 +0300 )edit

How are you working on it, if I might ask? What lines if mitigating code has Jolla applied to the problem since it was raised, almost 1 year ago?

rdmo ( 2015-04-30 07:16:44 +0300 )edit

This is fixed either in 1.1.2 or 1.1.4 can't remember which one it was released.

VDVsx ( 2015-04-30 08:45:03 +0300 )edit

@VDVsx: Thanks, that's good to know! Haven't validated this myself, I must add.

rdmo ( 2015-04-30 09:40:39 +0300 )edit

Actually it's going to be released in 1.1.6, but anyways fixed in upcoming release.

rainisto ( 2015-05-20 14:23:18 +0300 )edit

Question tools



Asked: 2014-04-04 17:05:05 +0300

Seen: 674 times

Last updated: May 12 '14