Ask / Submit

Revision history [back]

click to hide/show revision 1
initial version

posted 2014-04-04 17:05:05 +0200

dbus-monitor shows exchange mail password in clear text

I was fiddling with the dbus-monitor and noticed the password for my exchange mail flicker by on the screen. It seems like this could be a huge security hole since any app monitoring the dbus could get access to my exchange mail. Here is a draft of what I saw.

method call sender=:1.95 -> dest=org.freedesktop.DBus serial=31 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=GetConnectionUnixProcessID

string ":1.20" signal sender=:1.95 -> dest=(null destination) serial=32 path=/com/google/code/AccountsSSO/SingleSignOn/AuthSession_2; interface=com.google.code.AccountsSSO.SingleSignOn.AuthSession; member=stateChanged int32 8 string "The request is started successfully" method return sender=:1.95 -> dest=:1.20 reply_serial=233 array [ dict entry( string "Secret" variant string "mypassword" ) dict entry( string "UserName" variant string "myemail@something.com" ) ]

dbus-monitor shows exchange mail password in clear text

I was fiddling with the dbus-monitor and noticed the password for my exchange mail flicker by on the screen. It seems like this could be a huge security hole since any app monitoring the dbus could get access to my exchange mail. Here is a draft of what I saw.

method call sender=:1.95 -> dest=org.freedesktop.DBus serial=31 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=GetConnectionUnixProcessID

string ":1.20" signal sender=:1.95 -> dest=(null destination) serial=32 path=/com/google/code/AccountsSSO/SingleSignOn/AuthSession_2; interface=com.google.code.AccountsSSO.SingleSignOn.AuthSession; member=stateChanged int32 8 string "The request is started successfully" method return sender=:1.95 -> dest=:1.20 reply_serial=233 array [ dict entry( string "Secret" variant string "mypassword" ) dict entry( string "UserName" variant string "myemail@something.com" ) ]

dbus-monitor shows exchange mail password in clear text

I was fiddling with the dbus-monitor and noticed the password for my exchange mail flicker by on the screen. It seems like this could be a huge security hole since any app monitoring the dbus could get access to my exchange mail. Here is a draft of what I saw.

method call sender=:1.95 -> dest=org.freedesktop.DBus serial=31 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=GetConnectionUnixProcessID

string ":1.20" signal sender=:1.95 -> dest=(null destination) serial=32 path=/com/google/code/AccountsSSO/SingleSignOn/AuthSession_2; interface=com.google.code.AccountsSSO.SingleSignOn.AuthSession; member=stateChanged int32 8 string "The request is started successfully" method return sender=:1.95 -> dest=:1.20 reply_serial=233 array [ dict entry( string "Secret" variant string "mypassword" ) dict entry( string "UserName" variant string "myemail@something.com" ) ]

dbus-monitor shows exchange mail password in clear text

I was fiddling with the dbus-monitor and noticed the password for my exchange mail flicker by on the screen. It seems like this could be a huge security hole since any app monitoring the dbus could get access to my exchange mail. Here is a draft of what I saw.

method call sender=:1.95 -> dest=org.freedesktop.DBus serial=31 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=GetConnectionUnixProcessID
       string ":1.20"
    signal sender=:1.95 -> dest=(null destination) serial=32 path=/com/google/code/AccountsSSO/SingleSignOn/AuthSession_2; interface=com.google.code.AccountsSSO.SingleSignOn.AuthSession; member=stateChanged
       int32 8
       string "The request is started successfully"
    method return sender=:1.95 -> dest=:1.20 reply_serial=233
       array [
          dict entry(
             string "Secret"
             variant             string "mypassword"
          )
          dict entry(
             string "UserName"
             variant             string "myemail@something.com"
          )
       ]

]

dbus-monitor shows exchange mail password in clear text

I was fiddling with the dbus-monitor and noticed the password for my exchange mail flicker by on the screen. It seems like this could be a huge security hole since any app monitoring the dbus could get access to my exchange mail. Here is a draft of what I saw.

method call sender=:1.95 -> dest=org.freedesktop.DBus serial=31 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=GetConnectionUnixProcessID
       string ":1.20"
    signal sender=:1.95 -> dest=(null destination) serial=32 path=/com/google/code/AccountsSSO/SingleSignOn/AuthSession_2; interface=com.google.code.AccountsSSO.SingleSignOn.AuthSession; member=stateChanged
       int32 8
       string "The request is started successfully"
    method return sender=:1.95 -> dest=:1.20 reply_serial=233
       array [
          dict entry(
             string "Secret"
             variant             string "mypassword"
"**mypassword**"
          )
          dict entry(
             string "UserName"
             variant             string "myemail@something.com"
          )
       ]

dbus-monitor shows exchange mail password in clear text

I was fiddling with the dbus-monitor and noticed the password for my exchange mail flicker by on the screen. It seems like this could be a huge security hole since any app monitoring the dbus could get access to my exchange mail. Here is a draft of what I saw.

method call sender=:1.95 -> dest=org.freedesktop.DBus serial=31 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=GetConnectionUnixProcessID
       string ":1.20"
    signal sender=:1.95 -> dest=(null destination) serial=32 path=/com/google/code/AccountsSSO/SingleSignOn/AuthSession_2; interface=com.google.code.AccountsSSO.SingleSignOn.AuthSession; member=stateChanged
       int32 8
       string "The request is started successfully"
    method return sender=:1.95 -> dest=:1.20 reply_serial=233
       array [
          dict entry(
             string "Secret"
             variant             string "**mypassword**"
"mypassword"
          )
          dict entry(
             string "UserName"
             variant             string "myemail@something.com"
          )
       ]

dbus-monitor shows exchange mail password in clear text

I was fiddling with the dbus-monitor and noticed the password for my exchange mail flicker by on the screen. It seems like this could be a huge security hole since any app monitoring the dbus could get access to my exchange mail. Here is a draft of what I saw.

method call sender=:1.95 -> dest=org.freedesktop.DBus serial=31 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=GetConnectionUnixProcessID
       string ":1.20"
    signal sender=:1.95 -> dest=(null destination) serial=32 path=/com/google/code/AccountsSSO/SingleSignOn/AuthSession_2; interface=com.google.code.AccountsSSO.SingleSignOn.AuthSession; member=stateChanged
       int32 8
       string "The request is started successfully"
    method return sender=:1.95 -> dest=:1.20 reply_serial=233
       array [
          dict entry(
             string "Secret"
             variant             string "mypassword"
          )
          dict entry(
             string "UserName"
             variant             string "myemail@something.com"
          )
       ]