If you enable logging, the log file contains your username and password, both in plain text.
This means that anyone with access to that log can now log in and pretend to be you. So, if I submit a log without manually removing that, I’ve revealed sensitive information to em client.
And this is hugely exploitable, because if you know someone uses em client, you could enable logging to steal their password.
We are aware of this issue and we plan to change it in the future so the passwords will not be logged anyway.
Next to a quick hotfix, I guess that’s the next best thing.
Didn’t even think that any programmer could do such coding and bring this “log users password feature in plain text” through QM tests.
Are there tests on exploits on emclient.com side?
Its years of work to earn users trust, but its just a minute to loose it.
funny I cant remember my password were exactly in the log is it found