brittneybrinsfield / sequel-pro

Automatically exported from code.google.com/p/sequel-pro

Security: Possible password leak on duplicating connection #1387

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
1. Create favourite connection and save password for it.
2. Create new connection using Duplicate method.
3. Duplicated connection now stores password from other connection.

That can possibly lead to password hijacking using sniffers on the remote host.

Original issue reported on code.google.com by WAS...@gmail.com on 29 Jun 2012 at 1:07

GoogleCodeExporter commented 9 years ago
Wow.  Good point.

In addition, editing a favourite (in the prefs in 0.9.9.1, or on the connection 
screen in development versions) would also allow changing the hostname to 
achieve the same aim.

Unfortunately I don't have any bright ideas on how to fix this without 
requiring the user to type in their password anew on each change, something I'm 
reluctant to do.  Anyone got any bright ideas on how to work around this 
security issue?

Original comment by rowanb@gmail.com on 29 Jun 2012 at 1:26
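
One possible way to approach the question raised in this thread, as an added example (a Python model, not Sequel Pro's code and not something proposed by anyone in the thread): bind the saved password to the host, port and user it was saved for, so a duplicated or renamed favourite can still use it while a favourite whose host was edited has to prompt again. The `Favourite`, `SecretStore` and `duplicate` names, the sample hosts and the password are hypothetical.

```python
from dataclasses import dataclass, replace
from typing import Optional, Tuple
import secrets

Endpoint = Tuple[str, int, str]  # (host, port, user)

@dataclass(frozen=True)
class Favourite:
    name: str
    host: str
    port: int
    user: str
    secret_id: Optional[str] = None  # handle into the store; None means "ask the user"

    def endpoint(self) -> Endpoint:
        return (self.host.strip().lower(), self.port, self.user)

class SecretStore:
    """Stand-in for the OS keychain; each password remembers its endpoint."""

    def __init__(self) -> None:
        self._items = {}  # secret_id -> (endpoint, password)

    def save(self, fav: Favourite, password: str) -> Favourite:
        secret_id = secrets.token_hex(8)
        self._items[secret_id] = (fav.endpoint(), password)
        return replace(fav, secret_id=secret_id)

    def password_for(self, fav: Favourite) -> Optional[str]:
        """Release the password only to the endpoint it was saved for."""
        item = self._items.get(fav.secret_id)
        if item is None or item[0] != fav.endpoint():
            return None  # caller must prompt the user again
        return item[1]

def duplicate(fav: Favourite) -> Favourite:
    # The copy keeps the handle, not the password itself.
    return replace(fav, name=fav.name + " copy")

def demo() -> dict:
    store = SecretStore()
    # Constructed sample favourite and password.
    prod = store.save(Favourite("prod", "db.example.com", 3306, "app"), "constructed-pw")
    copy = duplicate(prod)
    renamed = replace(copy, name="prod (read only)")
    rehosted = replace(copy, host="other.example.net")
    return {"copy": store.password_for(copy),
            "renamed": store.password_for(renamed),
            "rehosted": store.password_for(rehosted)}
```

In this model the user is asked for the password again only when the host, port or user changes, not on every edit of a favourite.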

GoogleCodeExporter commented 9 years ago

Original comment by stuart02 on 24 Oct 2013 at 7:56