[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] gkrellm 2.1.19 email user/password storage in clear text

christopher neitzert wrote:

Hi all,

I couldn't find this when searching through the list archives so I
presume it hasn't been posted yet.

From gkrellm-2.1.19 rpm base:

~user/.gkrellm/user-config  stores passwords for IMAP, IMAP-CRAM-MD5,
and POP in clear text.

From ~user/.gkrellm/user-config
--
mail mailbox-remote IMAP_(CRAM-MD5) some.server.com "username"
"password" 143 "inbox"
--

Can anyone confirm that this is true on other versions/platforms?

happy gnu year!

Chris




Confirmed as true:

gkrellm-2.1.21-1 on Fedora Core release 1 (Yarrow) (probably on others too)

-------------

$ cat ~/.gkrellm2/user-config |grep mailbox-remote

mail mailbox-remote POP3 my.pop3server.com "user" "passwd" 110

------------

Happy New Year,
Danny

PS: Chris, sorry for double post (forgot cc to FD ;)


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html