Issue 851 in vacuum-im: Account Passwords stored in open plaintext file
2 views
Skip to first unread message
vacu...@googlecode.com
Mar 23, 2015, 6:56:52 PM3/23/15
to vacuu...@googlegroups.com
Status: New
Owner: ----
Labels: Type-Unknown Priority-High OpSys-Windows
New issue 851 by jul...@gmail.com: Account Passwords stored in open
plaintext file
https://code.google.com/p/vacuum-im/issues/detail?id=851
Как можно воспроизвести проблему?
What steps will reproduce the problem?
1. Create an account on some jabber server using vacuum-im nightly
2. go to %user%\AppData\Roaming\JRuDevels\VacuumIM\recent\
3. look in the xml file(s) ;-)
Какой результат вы ожидаете?
Что вы видите вместо этого?
What is the expected output?
For it to be encrypted, at least using AES 256 with the profile password.
What do you see instead?
It's readable by anyone with access to your HD.
Какую версию Vacuum-IM вы используете?
На какой операционной системе?
What version of the Vacuum-IM are you using?
latest nightly, but also the case with stable.
On what operating system?
Windows 7 x64.
Какая версия Qt у вас установлена?
What version of the Qt are you using?
4.8.6
Представьте любую дополнительную
информацию ниже.
Please provide any additional information below.
Storing passwords unencrypted doesn't have to be a problem if you allow us
to store the entire profile/dir on an encrypted volume (like with
DiskCryptor or TrueCrypt).
I don't see that option anywhere.
\AppData\Roaming\JRuDevels\VacuumIM\ needs to be a config set dir, so we can
change it to
some-encrypted-mounted-volume\JRuDevels\VacuumIM\
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
Owner: ----
Labels: Type-Unknown Priority-High OpSys-Windows
New issue 851 by jul...@gmail.com: Account Passwords stored in open
plaintext file
https://code.google.com/p/vacuum-im/issues/detail?id=851
Как можно воспроизвести проблему?
What steps will reproduce the problem?
1. Create an account on some jabber server using vacuum-im nightly
2. go to %user%\AppData\Roaming\JRuDevels\VacuumIM\recent\
3. look in the xml file(s) ;-)
Какой результат вы ожидаете?
Что вы видите вместо этого?
What is the expected output?
For it to be encrypted, at least using AES 256 with the profile password.
What do you see instead?
It's readable by anyone with access to your HD.
Какую версию Vacuum-IM вы используете?
На какой операционной системе?
What version of the Vacuum-IM are you using?
latest nightly, but also the case with stable.
On what operating system?
Windows 7 x64.
Какая версия Qt у вас установлена?
What version of the Qt are you using?
4.8.6
Представьте любую дополнительную
информацию ниже.
Please provide any additional information below.
Storing passwords unencrypted doesn't have to be a problem if you allow us
to store the entire profile/dir on an encrypted volume (like with
DiskCryptor or TrueCrypt).
I don't see that option anywhere.
\AppData\Roaming\JRuDevels\VacuumIM\ needs to be a config set dir, so we can
change it to
some-encrypted-mounted-volume\JRuDevels\VacuumIM\
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
vacu...@googlecode.com
Mar 24, 2015, 2:19:43 AM3/24/15
to vacuu...@googlegroups.com
Updates:
Status: Checking
Labels: -Type-Unknown -Priority-High Type-Enhancement Priority-Medium
Comment #1 on issue 851 by potapov.s.a: Account Passwords stored in open
plaintext file
https://code.google.com/p/vacuum-im/issues/detail?id=851
> go to %user%\AppData\Roaming\JRuDevels\VacuumIM\recent\
In this folser only recent contacts are stored, accounts with encrypted
passwords are stored in %user%\AppData\Roaming\JRuDevels\VacuumIM\profile.
In recent contacts only passwords to conferences can be stored in plain
text.
You can move VacuumIM folder from %user%\AppData\Roaming\JRuDevels to any
directory:
1) By passing command line parameter "-h <base-dir>": vacuum.exe -h
c:\encrypted
2) By adding parameter "DataPath"
to %user%\AppData\Roaming\JRuDevels\VacuumIM.ini: DataPath = "c:\encrypted"
Status: Checking
Labels: -Type-Unknown -Priority-High Type-Enhancement Priority-Medium
Comment #1 on issue 851 by potapov.s.a: Account Passwords stored in open
plaintext file
https://code.google.com/p/vacuum-im/issues/detail?id=851
> go to %user%\AppData\Roaming\JRuDevels\VacuumIM\recent\
passwords are stored in %user%\AppData\Roaming\JRuDevels\VacuumIM\profile.
In recent contacts only passwords to conferences can be stored in plain
text.
You can move VacuumIM folder from %user%\AppData\Roaming\JRuDevels to any
directory:
1) By passing command line parameter "-h <base-dir>": vacuum.exe -h
c:\encrypted
2) By adding parameter "DataPath"
to %user%\AppData\Roaming\JRuDevels\VacuumIM.ini: DataPath = "c:\encrypted"
vacu...@googlecode.com
Mar 24, 2015, 2:20:43 AM3/24/15
to vacuu...@googlegroups.com
Updates:
Labels: Component-Logic
Comment #2 on issue 851 by potapov.s.a: Account Passwords stored in open
plaintext file
https://code.google.com/p/vacuum-im/issues/detail?id=851
(No comment was entered for this change.)
Labels: Component-Logic
Comment #2 on issue 851 by potapov.s.a: Account Passwords stored in open
plaintext file
https://code.google.com/p/vacuum-im/issues/detail?id=851
(No comment was entered for this change.)
vacu...@googlecode.com
Mar 25, 2015, 5:43:30 AM3/25/15
to vacuu...@googlegroups.com
Updates:
Status: Fixed
Comment #3 on issue 851 by potapov.s.a: Account Passwords stored in open
plaintext file
https://code.google.com/p/vacuum-im/issues/detail?id=851
fixed in r2502
Recent conferences passwords now saved with encryption.
Status: Fixed
Comment #3 on issue 851 by potapov.s.a: Account Passwords stored in open
plaintext file
https://code.google.com/p/vacuum-im/issues/detail?id=851
fixed in r2502
Recent conferences passwords now saved with encryption.
Reply all
Reply to author
Forward
0 new messages