Picard / PICARD-839

Picard 1.3.2 shows cleartext username & password on status line when errors occur

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: 1.3.2
    • Fix Version/s: 1.4
    • Component/s: User Interface
    • Labels:
      None
    • Environment:
      Linux Mint 17.3, Ubuntu Studio 14.04

      Description

      When errors occur (like the collection server not responding), Picard shows the error in the GUI's status line, including http requests containing username & password in clear text. I regard this as a double security problem:

      Firstly, the username and password get shown for everyone to read in the status bar.

      Secondly, even with https requests, apparently the username & password get transmitted over the net in clear text, like in the example shown? (https://username:password@musicbrainz.org/ws/2/collection)
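One way to address the first point is to strip the userinfo part of any URL before an error string reaches the status line. The following Python code is an added example, not code from this report or from Picard; the function names, the mask string and the sample error message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Finds http(s) URLs embedded in free-form error text (constructed pattern).
_URL_RE = re.compile(r"https?://[^\s'\"<>]+", re.IGNORECASE)


def redact_url(url, mask="***"):
    """Return url with any userinfo (user[:password]@) replaced by mask."""
    try:
        parts = urlsplit(url)
    except ValueError:
        # Unparseable authority (e.g. broken IPv6 literal): fail closed.
        return "<unparseable URL redacted>"
    if "@" not in parts.netloc:
        return url  # no credentials in the authority part
    # Userinfo ends at the LAST '@'; a password may itself contain '@'.
    host = parts.netloc.rpartition("@")[2]
    return urlunsplit(
        (parts.scheme, f"{mask}@{host}", parts.path, parts.query, parts.fragment)
    )


def redact_message(text, mask="***"):
    """Redact credentials from every URL found inside an error message."""
    return _URL_RE.sub(lambda m: redact_url(m.group(0), mask), text)


if __name__ == "__main__":
    # Constructed error text using the URL form quoted in the report.
    msg = ("Network request error for "
           "https://username:password@musicbrainz.org/ws/2/collection: "
           "Connection refused")
    print(redact_message(msg))
```

Applying the redaction at the single point where messages are handed to the UI or the log covers every caller, including error strings produced by lower-level network code.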

    People

    • Assignee: Unassigned
    • Reporter: moonbase Moonbase
    • Votes: 0
    • Watchers: 3