[Pkg-kde-extras] Bug#884652: quassel-client: connection password stored in plan Ascii in a chmod 644 file
Heinrich Schuchardt
xypron.glpk at gmx.de
Mon Dec 18 05:21:44 UTC 2017
Package: quassel-client
Version: 1:0.12.4-2
Severity: normal
Dear Maintainer,
the configuration of quassel client is stored in
~/.config/quassel-irc.org/quasselclient.conf
This file was created on my system as chmod 644. So it is world readable.
The configuration file is plain Ascii:
[CoreAccounts]
1\AccountId=1
1\AccountName=example
1\HostName=chat.example.com
1\Password=pasword
1\User=user
So the password can be picked up by anybody.
The configuration file should be created chmod 600.
The password should be stored in a wallet manager, e.g. KDEwallet.
Best regards
Heinrich Schuchardt
-- System Information:
Debian Release: 9.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: arm64, armhf
Kernel: Linux 4.9.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages quassel-client depends on:
ii dbus-x11 1.10.24-0+deb9u1
ii libc6 2.24-11+deb9u1
ii libdbusmenu-qt5-2 0.9.3+16.04.20160218-1
ii libkf5configwidgets5 5.28.0-2
ii libkf5coreaddons5 5.28.0-2
ii libkf5notifications5 5.28.0-1
ii libkf5notifyconfig5 5.28.0-1
ii libkf5sonnetui5 5.28.0-2
ii libkf5textwidgets5 5.28.0-1
ii libkf5widgetsaddons5 5.28.0-3
ii libkf5xmlgui5 5.28.0-1
ii libphonon4qt5-4 4:4.9.0-4
ii libqt5core5a 5.7.1+dfsg-3+b1
ii libqt5dbus5 5.7.1+dfsg-3+b1
ii libqt5gui5 5.7.1+dfsg-3+b1
ii libqt5network5 5.7.1+dfsg-3+b1
ii libqt5webkit5 5.7.1+dfsg-1
ii libqt5widgets5 5.7.1+dfsg-3+b1
ii libstdc++6 6.3.0-18
ii phonon4qt5 4:4.9.0-4
ii quassel-data 1:0.12.4-2
ii zlib1g 1:1.2.8.dfsg-5
quassel-client recommends no packages.
quassel-client suggests no packages.
-- no debconf information
More information about the pkg-kde-extras
mailing list