You are viewing a plain text version of this content. The canonical link for it is here.

Posted to server-dev@james.apache.org by ji...@apache.org on 2004/06/06 23:33:54 UTC

[jira] Closed: (JAMES-44) User passwords are displayed in the log

Message:

   The following issue has been closed.

---------------------------------------------------------------------
View the issue:
  http://issues.apache.org/jira/browse/JAMES-44

Here is an overview of the issue:
---------------------------------------------------------------------
        Key: JAMES-44
    Summary: User passwords are displayed in the log
       Type: Bug

     Status: Closed
 Resolution: FIXED

    Project: James
 Components: 
             POP3Server
   Versions:
             2.0a3

   Assignee: 
   Reporter: Peter M. Goldstein

    Created: Sat, 27 Jul 2002 6:52 PM
    Updated: Sun, 6 Jun 2004 2:33 PM
Environment: Operating System: Other
Platform: Other

Description:
Contrary to standard security practices, the POP3Handler displays the user 
password in the log.  This allows the administrator or anyone with read-only 
access to the server logs to gain access to users' mailboxes.  Very bad.  Very 
easy fix.


---------------------------------------------------------------------
JIRA INFORMATION:
This message is automatically generated by JIRA.

If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa

If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org