matthiasblaesing commented on pull request #2906: URL: https://github.com/apache/netbeans/pull/2906#issuecomment-824326261
> One more thing to consider regarding libsecret is this https://nvd.nist.gov/vuln/detail/CVE-2018-19358 > When the user is logged in, the keyring is unlocked and other apps can read the passwords, but looks like it is being used like this anyway... The CVE for me falls into the "works as intended" category. If your application runs on a level where it can acccess the whole dbus and thus runs as a local application, it can trivially modify local programms and thus you are already screwed. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
