View Revisions: Issue #3164

Summary 0003164: Logbook stores SMTP credentials as plain text
Revision 2019-02-20 00:08 by WA9PIE
Description
The Logbook persists user-entered SMTP credentials in plain text on the user's machine.

Any software or social engineering process that gains access to the settings file will have the user's credentials plainly available. While transparent encryption without another password to key the encryption doesn't completely hide the secret, it does help prevent other entities from directly viewing the credential and is a best security practice.

The product should be fixed to not store this credential in plain text. Instead, user-local encryption should be used.
Revision 2019-02-06 11:08 by K7ZCZ
Description
The Logbook persists user-entered SMTP credentials in plain text on the user's machine.

Any software or social engineering process that gains access to the settings file will have the user's credentials plainly available. While transparent encryption without another password to key the encryption doesn't completely hide the secret, it does help prevent other entities from directly viewing the credential and is a best security practice.

The product should be fixed to not store this credential in plain text. Instead, user-local encryption should be used.
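
The user-local encryption the description asks for, sketched as an added example that is not taken from the issue or from the product's code. It assumes the Logbook runs on Windows and uses DPAPI through .NET's `ProtectedData` class (Windows PowerShell 5.1); the function names, the `dpapi:` prefix, the entropy label and the sample password are hypothetical.

```powershell
# Added example: per-user protection of a stored SMTP password with Windows DPAPI.
Add-Type -AssemblyName System.Security

$Scope   = [System.Security.Cryptography.DataProtectionScope]::CurrentUser
# Optional entropy: not a secret, it only separates this blob from other apps' DPAPI blobs.
$Entropy = [System.Text.Encoding]::UTF8.GetBytes('ExampleLogbook.SmtpPassword.v1')
$Prefix  = 'dpapi:'   # hypothetical marker so legacy plain-text values can be recognised

function Protect-SmtpSecret([string]$PlainText) {
    $bytes = [System.Text.Encoding]::UTF8.GetBytes($PlainText)
    try {
        $blob = [System.Security.Cryptography.ProtectedData]::Protect($bytes, $Entropy, $Scope)
        return $Prefix + [Convert]::ToBase64String($blob)
    } finally {
        [Array]::Clear($bytes, 0, $bytes.Length)   # do not leave the clear text in the buffer
    }
}

function Unprotect-SmtpSecret([string]$Stored) {
    if (-not $Stored.StartsWith($Prefix)) {
        return $Stored    # legacy plain-text value: the caller should re-save it protected
    }
    try {
        $blob  = [Convert]::FromBase64String($Stored.Substring($Prefix.Length))
        $bytes = [System.Security.Cryptography.ProtectedData]::Unprotect($blob, $Entropy, $Scope)
    } catch {
        return $null      # corrupt blob, or one written by another user or on another machine
    }
    try { return [System.Text.Encoding]::UTF8.GetString($bytes) }
    finally { [Array]::Clear($bytes, 0, $bytes.Length) }
}

# Constructed sample value, not a real credential.
$stored = Protect-SmtpSecret 'example-smtp-password'
"Value written to the settings file: $stored"
"Round trip succeeds for this user:  $((Unprotect-SmtpSecret $stored) -eq 'example-smtp-password')"
"Legacy plain-text value detected:   $((Unprotect-SmtpSecret 'old-plain-value') -eq 'old-plain-value')"
```

As the description notes, this does not completely hide the secret: any process running as the same Windows user can call `Unprotect` on the blob, but a copied settings file no longer exposes the password directly.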