In KDE libksieve prior to 23.03.80, kmanagesieve/session.cpp places a cleartext password in server logs because a username variable is accidentally given a password value.
Debian Bug report logs - #1069163
libkf5kmanagesieve5: CVE-2023-52723: sends password as username when authenticating against sieve servers
Package: libkf5kmanagesieve5; Maintainer for libkf5kmanagesieve5 is Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>; Source for libkf5kmanagesieve5 is src:libkf5ksieve (PTS, buildd, p ...
oss-sec mailing list archives
Re: libksieve (used by kmail/kontact) sent password as username
From: S ...