Bug 428295 - Korganizer's groupwise module can not be configured not to store password in plaintext
Korganizer's groupwise module can not be configured not to store password in ...
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: kdepim (Show other bugs)
9
All Linux
low Severity low
: ---
: ---
Assigned To: Ngo Than
Fedora Extras Quality Assurance
https://bugzilla.novell.com/show_bug....
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-01-10 11:12 EST by Jay Turner
Modified: 2015-01-07 19:16 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-07-28 16:29:58 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Novell 352920 None None None Never

  None (edit)
Description Lubomir Kundrak 2008-01-10 11:12:39 EST
Description of problem:

From Novell Bugzilla (see URL):
The groupwise module of korganizer stores the password in plain text in
.kde/share/config/kresources_kcal_groupwiserc and there is no way to avoid
that: if you delete the password from this file, starting korganizer fails with
an "invalid password" message. It should at least be possible to enter the
password "on demand".
... and/or offer use of kwallet

Additional information:

This, by itself is not a security issue, but would be nice to have fixed.
Comment 1 Lubomir Kundrak 2008-04-08 16:00:21 EDT
Final Freeze is in effect now. Security fixes almost certainly warrant a freeze
break, so in case you build a fix for this, mail release engineering as
described here: [2]

[1] https://www.redhat.com/archives/fedora-devel-announce/2008-April/msg00007.html
[2] http://fedoraproject.org/wiki/ReleaseEngineering/FinalFreezePolicy

Thanks!
Comment 2 Bug Zapper 2008-05-14 00:22:22 EDT
Changing version to '9' as part of upcoming Fedora 9 GA.
More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 4 Steven M. Parrish 2008-06-23 16:10:49 EDT
There has been no movement on this issue. Do we want to address this or send it
upstream?
Comment 5 Steven M. Parrish 2008-07-28 16:29:58 EDT
The information we've requested above is required in order
to review this problem report further and diagnose or fix the
issue if it is still present.  Since it has been thirty days or
more since we first requested additional information, we're assuming
the problem is either no longer present in the current Fedora release, or
that there is no longer any interest in tracking the problem.

Setting status to "CLOSED INSUFFICIENT_DATA".  If you still
experience this problem after updating to our latest Fedora
release and can provide the information previously requested,
please feel free to reopen the bug report.

Thank you in advance.
Comment 6 Kevin Kofler 2008-07-28 16:35:37 EDT
I'd say this does not qualify as a bug. If you want more secure password 
storage methods to be used (e.g. KWallet, which IMHO is the right tool for the 
job), the right place to address this issue is upstream.

Note You need to log in before you can comment on or make changes to this bug.