GNU bug report logs - #49289
28.0.50; auth-source-search may return doubly obfuscated :secret value

Previous Next

Package: emacs;

Reported by: Kazuhiro Ito <kzhr <at> d1.dion.ne.jp>

Date: Wed, 30 Jun 2021 10:19:01 UTC

Severity: normal

Found in version 28.0.50

Fixed in version 28.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Kazuhiro Ito <kzhr <at> d1.dion.ne.jp>
Cc: 49289 <at> debbugs.gnu.org
Subject: bug#49289: 28.0.50; auth-source-search may return doubly obfuscated :secret value
Date: Wed, 30 Jun 2021 14:28:34 +0200

Kazuhiro Ito <kzhr <at> d1.dion.ne.jp> writes:

> I don't know whether auth-source supports multiple accounts on the
> same host and whether it is a feature that auth-source-search tend to
> return other user's password.  But I think doubly obfuscated :secret
> value is obviously a bug.

I think both things are bugs, and the second happens because of the
first bug.  I've now pushed a fix for this to Emacs 28.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

This bug report was last modified 1 year and 31 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #49289 28.0.50; auth-source-search may return doubly obfuscated :secret value

GNU bug report logs - #49289
28.0.50; auth-source-search may return doubly obfuscated :secret value