Ask / Submit

dbus-monitor shows exchange mail password in clear text [released]

Tracked by Jolla (In progress)

asked 2014-04-04 17:05:05 +0300

Xiph gravatar image

updated 2014-08-13 10:25:01 +0300

jiit gravatar image

I was fiddling with the dbus-monitor and noticed the password for my exchange mail flicker by on the screen. It seems like this could be a huge security hole since any app monitoring the dbus could get access to my exchange mail. Here is a draft of what I saw.

method call sender=:1.95 -> dest=org.freedesktop.DBus serial=31 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=GetConnectionUnixProcessID
       string ":1.20"
    signal sender=:1.95 -> dest=(null destination) serial=32 path=/com/google/code/AccountsSSO/SingleSignOn/AuthSession_2;; member=stateChanged
       int32 8
       string "The request is started successfully"
    method return sender=:1.95 -> dest=:1.20 reply_serial=233
       array [
          dict entry(
             string "Secret"
             variant             string "mypassword"
          dict entry(
             string "UserName"
             variant             string ""
edit retag flag offensive reopen delete

The question has been closed for the following reason "released in a software update" by VDVsx
close date 2015-05-06 09:54:59.995004

1 Answer

Sort by » oldest newest most voted

answered 2014-05-12 14:22:51 +0300

rainisto gravatar image

Thanks for the report. This is known and we are working on it.

edit flag offensive delete publish link more



any news on that?

nightmare ( 2014-11-07 22:11:29 +0300 )edit

How are you working on it, if I might ask? What lines if mitigating code has Jolla applied to the problem since it was raised, almost 1 year ago?

rdmo ( 2015-04-30 07:16:44 +0300 )edit

This is fixed either in 1.1.2 or 1.1.4 can't remember which one it was released.

VDVsx ( 2015-04-30 08:45:03 +0300 )edit

@VDVsx: Thanks, that's good to know! Haven't validated this myself, I must add.

rdmo ( 2015-04-30 09:40:39 +0300 )edit

Actually it's going to be released in 1.1.6, but anyways fixed in upcoming release.

rainisto ( 2015-05-20 14:23:18 +0300 )edit

Question tools



Asked: 2014-04-04 17:05:05 +0300

Seen: 672 times

Last updated: May 12 '14