Package: centericq Version: 4.21.0-3 Severity: important All the passwords are saved as plaintext into the configuration file. This is high security risk that is not obvious from the the "g" menu which displays "****" in place of these items.
Please offer encryption of the configuration file, which is unlocked at the initial start of centericq. Even using crypt(1) for encryption is better than no security at all. jab_nick foo jab_pass netjabber jab_server jabber.org:5222 jab_pgpkey <some id> jab_pgppass password jab_prio 4 icq_uin 82313129 icq_pass password icq_server login.icq.com:5190 icq_webaware 1 irc_nick foo irc_pass password irc_server irc.freenode.org:6667 irc_nickpass password -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12-1-686 Locale: LANG=C, LC_CTYPE=C (charmap=ISO-8859-1) (ignored: LC_ALL set to en_US) Versions of packages centericq depends on: ii centericq-common 4.21.0-3 A text-mode multi-protocol instant ii libc6 2.3.5-7 GNU C Library: Shared libraries an ii libcurl3 7.15.0-4 Multi-protocol file transfer libra ii libgcc1 1:4.0.2-3 GCC support library ii libgnutls12 1.2.8-1 the GNU TLS library - runtime libr ii libgpg-error0 1.1-4 library for common error values an ii libgpgme11 1.1.0-1 GPGME - GnuPG Made Easy ii libidn11 0.5.18-1 GNU libidn library, implementation ii libjpeg62 6b-10 The Independent JPEG Group's JPEG ii libncurses5 5.5-1 Shared libraries for terminal hand ii libssl0.9.7 0.9.7g-5 SSL shared libraries ii libstdc++6 4.0.2-3 The GNU Standard C++ Library v3 ii zlib1g 1:1.2.3-6 compression library - runtime Versions of packages centericq recommends: ii dillo [www-browser] 0.8.5-1.0.1 GTK-based web browser ii konqueror [www-browser] 4:3.4.2-4 KDE's advanced file manager, web b ii links [www-browser] 0.99+1.00pre12-1 Character mode WWW browser ii links2 [www-browser] 2.1pre18-2 Web browser running in both graphi ii lynx [www-browser] 2.8.5-2 Text-mode WWW Browser ii mozilla-firefox [www-br 1.0.7-1 lightweight web browser based on M ii opera [www-browser] 8.50-20050916.6 The Opera Web Browser pn sox <none> (no description available) ii xemacs21-mule [www-brow 21.4.17-2 highly customizable text editor -- -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]