Roundup Tracker - Issues


Author ThomasAH
Recipients ThomasAH, ber, ezio.melotti, luke
Date 2012-12-18.14:42:42
Message-id <>
Bernhard, in msg4367 you seem to think that someone needs to get hold of
the sent mail to retrieve the address.
The email address is displayed as "Email sent to" in
the web interface, even when just the username was entered in the
password reset form.

I consider this an information leak as it does not even use the
permission system, therefore upgrading to type security and severity
normal. I would even think that a higher severity level might be
Date User Action Args
2012-12-18 14:42:44ThomasAHsetmessageid: <>
2012-12-18 14:42:44ThomasAHsetrecipients: + ThomasAH, ber, ezio.melotti, luke
2012-12-18 14:42:44ThomasAHlinkissue2550716 messages
2012-12-18 14:42:42ThomasAHcreate