Bug#337830: Security problem in kphone
Sven Dreyer
sven at dreyer-net.de
Sun Nov 6 19:11:54 UTC 2005
Package: kphone
Version: 4.2-3
Severity: serious
I think I have found a security flaw in kphone:
it creates ~/.qt/kphonerc world-readable! This file contains the user's
SIP-password and so on, so I guess this is a bad thing, because the
~/.qt dir itself is by default also readable by everybody.
I removed the whole ~/.qt dir and restarted kphone: same behaviour.
Regards,
Sven
More information about the Pkg-voip-maintainers
mailing list