Picard / PICARD-839

Picard 1.3.2 shows cleartext username & password on status line when errors occur


    • Type: Bug
    • Resolution: Fixed
    • Priority: Normal
    • Fix Version/s: 1.4
    • Affects Version/s: 1.3.2
    • Component/s: User Interface
    • Labels: None
    • Environment: Linux Mint 17.3, Ubuntu Studio 14.04

When errors occur (like the collection server not responding), Picard shows the error in the GUI's status line, including http requests containing username & password in clear text. I regard this as a double security problem:

Firstly, the username and password get shown for everyone to read in the status bar.

Secondly, even with https requests, apparently the username & password get transmitted over the net in clear text, like in the example shown? (https://username:password@musicbrainz.org/ws/2/collection)

Assignee: Unassigned
Reporter: moonbase

Version Package: 1.4
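
A common mitigation for the status-line exposure reported above is to strip the userinfo part (`username:password@`) from every URL before the text reaches the UI or a log. The Python below is an added example, not Picard's code and not the fix shipped in 1.4; the function names and the sample error message are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Finds http(s) URLs embedded in free-form error text.
_URL_RE = re.compile(r"https?://[^\s'\"<>]+", re.IGNORECASE)
PLACEHOLDER = "<unparseable URL removed>"


def redact_url(url):
    """Return url without any user:password@ prefix in its authority part.

    Assumes credentials are percent-encoded as RFC 3986 requires; a raw
    '/', '?' or '#' inside a password ends the authority early and is not
    detected here.
    """
    try:
        parts = urlsplit(url)
    except ValueError:
        # Fail closed: never echo a URL that could not be parsed.
        return PLACEHOLDER
    # The last '@' separates userinfo from host[:port], so a password that
    # itself contains '@' is still removed completely.
    _userinfo, at, hostport = parts.netloc.rpartition("@")
    if not at:
        return url
    return urlunsplit(parts._replace(netloc=hostport))


def safe_status_text(message):
    """Redact credentials from every URL found in a message before display."""
    return _URL_RE.sub(lambda m: redact_url(m.group(0)), message)


if __name__ == "__main__":
    # Constructed error text; only the URL is taken from the report above.
    sample = ("Network request error for "
              "https://username:password@musicbrainz.org/ws/2/collection: "
              "Connection refused")
    print(safe_status_text(sample))
```

Applying the redaction at the single point where messages are handed to the status bar or logger covers error paths that build their own strings.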