GNU bug report logs - #49289
28.0.50; auth-source-search may return doubly obfuscated :secret value

Previous Next

Package: emacs;

Reported by: Kazuhiro Ito <kzhr <at> d1.dion.ne.jp>

Date: Wed, 30 Jun 2021 10:19:01 UTC

Severity: normal

Found in version 28.0.50

Fixed in version 28.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Michael Albinus <michael.albinus <at> gmx.de>
To: Lars Ingebrigtsen <larsi <at> gnus.org>
Cc: Kazuhiro Ito <kzhr <at> d1.dion.ne.jp>, 49289 <at> debbugs.gnu.org
Subject: bug#49289: 28.0.50; auth-source-search may return doubly obfuscated :secret value
Date: Tue, 18 Jun 2024 17:00:57 +0200

Lars Ingebrigtsen <larsi <at> gnus.org> writes:

> Kazuhiro Ito <kzhr <at> d1.dion.ne.jp> writes:
>
>> I don't know whether auth-source supports multiple accounts on the
>> same host and whether it is a feature that auth-source-search tend to
>> return other user's password.  But I think doubly obfuscated :secret
>> value is obviously a bug.
>
> I think both things are bugs, and the second happens because of the
> first bug.  I've now pushed a fix for this to Emacs 28.

FTR, I've pushed a similar fix to the secrets and plstore backends. Will
be visible with Emacs 30.

Best regards, Michael.

This bug report was last modified 1 year and 31 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #49289 28.0.50; auth-source-search may return doubly obfuscated :secret value

GNU bug report logs - #49289
28.0.50; auth-source-search may return doubly obfuscated :secret value