https://bugs.kde.org/show_bug.cgi?id=344474
Bug ID: 344474 Summary: Kmail exposes password through notification if smtp server not accessible Product: kmail2 Version: 4.14.1 Platform: Ubuntu Packages OS: Linux Status: UNCONFIRMED Severity: normal Priority: NOR Component: general Assignee: kdepim-bugs@kde.org Reporter: nortex...@gmail.com I accidentally put my smtp server in the format "ser...@smtp.de" instead of "server.smtp.de" and when trying to send an email a notification pops up exposing my password in plain text. The notification titled "E-mail Sending Failed" starts "Failed to transport message. smtp://<account name>:<password>@:<port>..." I have checked the setting to store SMTP password. This obviously presents a significant security concern. Reproducible: Always Steps to Reproduce: 1. Enter wrong smtp server (perhaps in a particular format as described above?) in settings 2. Send an email from that server/account, with the store password setting checked Actual Results: An error message pops up exposing password Expected Results: The error message only says that the email failed to send, and this is presented in a *readable* format. -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ Kdepim-bugs mailing list Kdepim-bugs@kde.org https://mail.kde.org/mailman/listinfo/kdepim-bugs