Re: [Ekiga-list] Passwords stored and sent unencrypted - Security problem

From: Eugen Dedu <Eugen Dedu pu-pm univ-fcomte fr>
To: Ekiga mailing list <ekiga-list gnome org>
Subject: Re: [Ekiga-list] Passwords stored and sent unencrypted - Security problem
Date: Mon, 20 Aug 2012 15:27:19 +0200

On 18/08/12 08:16, Patrik Lermon wrote:

Greetings.

I'm not sure this is the correct list, but I just performed a password
reset on my ekiga.net account (here:
https://www.ekiga.net/index.php?page=forgot), and I was not very
pleased by receiving my password back in plain text.

This means ekiga not only stores my password (hopefully not in clear
text, but what do I know), but also chooses to send my password
unencrypted via mail. Ekiga should only store a hash, preferably
salted, and thus not send the password but instead offer me to reset
it and choose a new password.
I would like to get in touch with someone with the power to change
this behavior.

At http://wiki.ekiga.org/index.php/Manual#Authors you will find theauthors of ekiga.


See also https://bugzilla.gnome.org/show_bug.cgi?id=568135.

--
Eugen

References:
- [Ekiga-list] Passwords stored and sent unencrypted - Security problem
  - From: Patrik Lermon

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]