DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11234>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11234 User passwords are displayed in the log Summary: User passwords are displayed in the log Product: James Version: 2.0a3 Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: Other Component: POP3Server AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] Contrary to standard security practices, the POP3Handler displays the user password in the log. This allows the administrator or anyone with read-only access to the server logs to gain access to users' mailboxes. Very bad. Very easy fix. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>