security: obfuscate secrets in --debug=imap wire trace #22
The --debug=imap flag dumps raw IMAP wire traffic to stderr, including the LOGIN command with plaintext credentials:

This is a security concern when debug output is shared (logs, bug reports, screenshots).

Suggested Fix

Mask the password in the debug writer before emitting it, e.g.:

Related Code

internal/imap/client.go: DebugWriter passed to imapclient.Options

Still open. The current debug writer still logs outbound IMAP commands before sending them, and Login still builds a raw LOGIN command containing the plaintext password.
Fixed in 7dbe3b5. IMAP LOGIN debug output now redacts the password by default, with explicit opt-in via --expose-credentials. Regression tests added in pkg/imapclient/client_test.go for masked default and exposed opt-in behavior.
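The masking the Suggested Fix above describes, as an added example in Go that is not code from the xr-invoiced repository: an io.Writer wrapper that can be placed in front of stderr as the debug sink and rewrites the password argument of an outbound LOGIN line before it is emitted. The ExposeCredentials field is an assumed stand-in for the --expose-credentials opt-in mentioned in the fix comment; the regular expression, type and function names, and the sample trace lines are constructed for this example.

```go
package main

import (
	"bytes"
	"io"
	"os"
	"regexp"
)

// loginRe matches an outbound IMAP LOGIN command line of the form
//   <tag> LOGIN <user> <password>
// where user and password are either a quoted string (with \" escapes) or a
// bare atom. Group 1 is everything up to the password, group 2 the password,
// group 3 the trailing whitespace/CRLF. Literal-form arguments ({n}) are not
// covered; only the plain LOGIN shape the issue describes is handled.
var loginRe = regexp.MustCompile(
	`(?i)^(\S+[ \t]+LOGIN[ \t]+(?:"(?:[^"\\]|\\.)*"|\S+)[ \t]+)("(?:[^"\\]|\\.)*"|\S+)([ \t]*\r?\n?)$`)

// redactLogin replaces the password argument of a LOGIN line with a fixed
// marker and returns every other line unchanged.
func redactLogin(line []byte) []byte {
	m := loginRe.FindSubmatchIndex(line)
	if m == nil {
		return line
	}
	out := make([]byte, 0, len(line))
	out = append(out, line[m[2]:m[3]]...) // tag, LOGIN, user, separating space
	out = append(out, `"<redacted>"`...)
	out = append(out, line[m[6]:m[7]]...) // trailing whitespace / CRLF
	return out
}

// RedactingWriter sits between the IMAP client's debug output and the real
// sink (e.g. os.Stderr). It buffers until a full line is present, so a LOGIN
// command split across several Write calls is still caught before emission.
type RedactingWriter struct {
	dst               io.Writer
	ExposeCredentials bool // assumed opt-in mirroring the --expose-credentials flag (hypothetical name)
	pending           bytes.Buffer
}

func NewRedactingWriter(dst io.Writer) *RedactingWriter {
	return &RedactingWriter{dst: dst}
}

// Write accepts arbitrary chunks, forwards each complete line (masked unless
// credentials are explicitly exposed) and keeps any partial line pending.
func (r *RedactingWriter) Write(p []byte) (int, error) {
	r.pending.Write(p)
	for {
		data := r.pending.Bytes()
		i := bytes.IndexByte(data, '\n')
		if i < 0 {
			break
		}
		line := append([]byte(nil), data[:i+1]...)
		r.pending.Next(i + 1)
		if !r.ExposeCredentials {
			line = redactLogin(line)
		}
		if _, err := r.dst.Write(line); err != nil {
			return 0, err
		}
	}
	return len(p), nil
}

// Flush emits a trailing partial line (e.g. at shutdown), still masked.
func (r *RedactingWriter) Flush() error {
	if r.pending.Len() == 0 {
		return nil
	}
	line := r.pending.Bytes()
	if !r.ExposeCredentials {
		line = redactLogin(line)
	}
	_, err := r.dst.Write(line)
	r.pending.Reset()
	return err
}

func main() {
	w := NewRedactingWriter(os.Stderr)
	// Constructed sample of the kind of wire trace the issue describes; not real traffic.
	io.WriteString(w, "* OK IMAP4rev1 ready\r\n")
	io.WriteString(w, "A001 LOGIN alice \"s3cr3t!\"\r\n")
	io.WriteString(w, "A001 OK LOGIN completed\r\n")
	_ = w.Flush()
}
```

Because the wrapper redacts at the sink rather than in the caller, it masks the password regardless of which code path built the LOGIN command, which is the gap the "Still open" comment points at. It deliberately covers only the LOGIN shape named in the issue; a password sent as an IMAP literal or an AUTHENTICATE exchange would pass through unmasked, so those cases belong as extra regression tests alongside the masked-default and exposed-opt-in tests the fix comment mentions.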