Tested on LibreOffice:
Build ID: 420m0(Build:2)
Build ID: e5f16313668ac592c1bfb310f4390624e3dbfb75
OS: Ubuntu 14.04
-Navigate to: Tools > Options > LibreOffice Writer > Mail Merge E-mail > Server authentication
-Enter email information including username and password
-Confirm with Ok
-Go to your user profile (in ubuntu ~/.config/libreoffice/4/user) anyway open the registrymodifications.xcu file with a text editor
-Inside the file, search for your email password
-There it is, your email password in clear text!
Would expect my email password to be stored encrypted.
I guess is a bug, maybe is the intended behaviour but still is a security issue.
<item oor:path="/org.openoffice.Office.Writer/MailMergeWizard"><prop oor:name="MailPassword" oor:op="fuse"><value>ClearTextPassword</value></prop></item>
* Version: 220.127.116.11
* Build ID: f3153a8b245191196a4b6b9abd1d0da16eead600
* Locale: it_IT.UTF-8
* OS: openSUSE Tumbleweed (20151124) (x86_64)
* Version: 18.104.22.168.alpha0+
* Build ID: 0b1da98da44bc9acb9e42a5cd1842adf9d82a415
* CPU Threads: 4; OS Version: Linux 4.3; UI Render: default;
* TinderBox: Linux-rpm_deb-x86_64@70-TDF, Branch:master, Time: 2015-12-22_05:54:37
* Locale: it-IT (it_IT.UTF-8)
* OS: openSUSE Tumbleweed (20151124) (x86_64)
The password is stored in cleartext and the help page:
omits this information.
a) Add the information to the help page
b) Disallow the password saving
c) implement a master password manager (like kwalletmanager, GNOME Keyring Manager/Seahorse for GNU/Linux or Keychain Access for OSX or Credential Manager for Windows).
(In reply to Marina Latini from comment #1)
> a) Add the information to the help page
> b) Disallow the password saving
> c) implement a master password manager (like kwalletmanager, GNOME Keyring
> Manager/Seahorse for GNU/Linux or Keychain Access for OSX or Credential
> Manager for Windows).
So that should be three issues :) ?
(In reply to Cor Nouws from comment #2)
> (In reply to Marina Latini from comment #1)
> > Suggestions:
> > a) Add the information to the help page
> > b) Disallow the password saving
> > c) implement a master password manager (like kwalletmanager, GNOME Keyring
> > Manager/Seahorse for GNU/Linux or Keychain Access for OSX or Credential
> > Manager for Windows).
> So that should be three issues :) ?
The main problem is that the password is stored in clear text and the user doesn't know this.
If this report is considered as a real bug (not a feature ;) ) I could consider to split the report into 3 different issues.
Please, let me know the right steps :)
FYI: LibreOffice already has a password manager used e.g. with CMIS/WebDAV.
** Please read this message in its entirety before responding **
To make sure we're focusing on the bugs that affect our users today, LibreOffice QA is asking bug reporters and confirmers to retest open, confirmed bugs which have not been touched for over a year.
There have been thousands of bug fixes and commits since anyone checked on this bug report. During that time, it's possible that the bug has been fixed, or the details of the problem have changed. We'd really appreciate your help in getting confirmation that the bug is still present.
If you have time, please do the following:
Test to see if the bug is still present with the latest version of LibreOffice from https://www.libreoffice.org/download/
If the bug is present, please leave a comment that includes the information from Help - About LibreOffice.
If the bug is NOT present, please set the bug's Status field to RESOLVED-WORKSFORME and leave a comment that includes the information from Help - About LibreOffice.
Please DO NOT
Update the version field
Reply via email (please reply directly on the bug tracker)
Set the bug's Status field to RESOLVED - FIXED (this status has a particular meaning that is not
appropriate in this case)
If you want to do more to help you can test to see if your issue is a REGRESSION. To do so:
1. Download and install oldest version of LibreOffice (usually 3.3 unless your bug pertains to a feature added after 3.3) from http://downloadarchive.documentfoundation.org/libreoffice/old/
2. Test your bug
3. Leave a comment with your results.
4a. If the bug was present with 3.3 - set version to 'inherited from OOo';
4b. If the bug was not present in 3.3 - add 'regression' to keyword
Feel free to come ask questions or to say hello in our QA chat: https://kiwiirc.com/nextclient/irc.freenode.net/#libreoffice-qa
Thank you for helping us make LibreOffice even better for everyone!
The issue is still present in:
Build ID: e79dd394deedaeed122717700077b77d94360c12
CPU threads: 4; OS: Linux 4.16; UI render: default; VCL: kde4;
Locale: it-IT (it_IT.UTF-8); Calc: group threaded
@Stephan, I thought you could be interested in this issue...