Control: tag -1 unreproducible
On Wed, 10 Jun 2020 at 23:19:41 +0200, Marco Herrn wrote:
> When writing into a logfile, rainloop writes the passwords of all
> login attempts (successful or not) into the logfile in cleartext.
FWIW I'm not able to reproduce this with the version from Debian buster
Hello Daniel,
I don't have the possibility to try out a newer version of rainloop, but
according to a recent comment on the github issue [1] this is really fixed
in version 1.14.0 of rainloop. So I assume that only applies to the current
stable release.
Nevertheless I see this bug as grave
Hello Marco,
I wasn't able to reproduce this issue in the current version of
Rainloop. Passwords were replaced by asterisks in the logs with the
hide_passwords option enabled (the default). Could you please check to
see if package version 1.14.0-1, currently in testing/unstable, resolves
the
Package: rainloop
Version: 1.12.1-2
Severity: important
Dear Maintainer,
When writing into a logfile, rainloop writes the passwords of all login
attempts (successful or not) into the logfile in cleartext.
Rainloop provides an option 'hide_passwords' in the application.ini that
should prohibit
4 matches
Mail list logo