Affects Version/s: 6.0.X EE, 6.1.0 CE RC1
Environment:Tomcat 6.0.32 + MySQL 5. 6.0.x Revision 87114.
Tomcat 6.0.32 + MySQL 5. 6.1.x Revision 87221.
I tried the Mail portlet on my website and I had exceptions because of the Bug #12001.
But I also had the following exception, with the password I use to connect to my mail server clearly viewable in the logs :
That's a huge security breach to me. You could replace the password by its MD5 hash, in order to have it safe and verifiable in the logs.
How to reproduce :
- Add a "Mail" portlet on one of your private page on your website
- Add a mail account
- Access to your Inbox and try to send a mail.