In KDE libksieve prior to 23.03.80, kmanagesieve/session.cpp places a cleartext password in server logs because a username variable is accidentally given a password value.
Debian Bug report logs -
#1069163
libkf5kmanagesieve5: CVE-2023-52723: sends password as username when authenticating against sieve servers
Package:
libkf5kmanagesieve5;
Maintainer for libkf5kmanagesieve5 is Debian Qt/KDE Maintainers <debian-qt-kde@listsdebianorg>; Source for libkf5kmanagesieve5 is src:libkf5ksieve (PTS, buildd, p ...
On Thu, Apr 25, 2024 at 06:10:54PM +0200, Jonas Schäfer wrote:
FTR, wwwcveorg/CVERecord?id=CVE-2023-52723 was assigned for
this issue
Regards,
Salvatore ...