[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#521298: akregator exposes password of password protected blogs

Package: akregator
Version: 4:3.5.9-5
Severity: important

I subscribed to a password protected blog using a feed URL like this
one:

http://user:password@passwordprotected-blog.example.com/blog/index.rss



Under $HOME/.kde/share/apps/akregator/Archive/ akregator creates a
file, the name containing not only the feed URL but also the username
and password


This may expose passwords to other users of the box. 


-- System Information:
Debian Release: 5.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages akregator depends on:
ii  kdelibs4c2a      4:3.5.10.dfsg.1-0lenny1 core libraries and binaries for al
ii  libc6            2.7-18                  GNU C Library: Shared libraries
ii  libgcc1          1:4.3.2-1.1             GCC support library
ii  libkdepim1a      4:3.5.9-5               KDE PIM library
ii  libqt3-mt        3:3.3.8b-5+b1           Qt GUI Library (Threaded runtime v
ii  libstdc++6       4.3.2-1.1               The GNU Standard C++ Library v3

akregator recommends no packages.

akregator suggests no packages.

-- no debconf information
Reply to: