Ticket #5434 (closed Bug: fixed)
Any logged in user can view prefs_mailhost_form, which exposes the esmtp password
|Reported by:||hannosch||Owned by:||brcwhit|
Just noticed I had a bug report from George Lee rotting in my inbox:
"Came across this -- in Plone 2.1.2, any logged in user can view prefs_mailhost_form, which exposes the ESMTP password if it exists. (It's obscured in the browser, but can easily be unmasked.)"
I guess this means direct attribute access to the esmtp password might also be only weakly secured.
- Status changed from assigned to closed
- Resolution set to fixed
- Milestone changed from 2.1.x to 2.1.3