A security flaw was found in the way vCalendar plug-in of Claws Mail displayed user credential information in the system tray display when using https scheme. A local attacker could use this flaw to obtain user credentials (username and password) used for connection to remote point.
Upstream bug report:
Relevant upstream patch:
This issue affects the versions of the claws-mail-plugins package, as shipped with Fedora release of 16 and 17. Please schedule an update.
This issue affects the version of the claws-mail-plugins package, as shipped with Fedora EPEL 6. Please schedule an update.
Created claws-mail-plugins tracking bugs for this issue
Affects: fedora-all [bug 877375]
Affects: epel-6 [bug 877376]
CVE-2012-5527 was assigned to this issue: