SMTP password!!!!

Hey all,

I just noticed that your SMTP password, as entered in the Comodo Backup job parameters, is stored in the registry in PLAIN TEXT right next to the username!!! All a spammer needs to do is spoty this and do a bit of mining and they’ve got all the details to hijack and use your email account for spamming.

Bad Comodo! BAD!

Possible to encrypt? Maybe use a password on the app as a decrypt key?

Really needs to be looked at.

Ewen :frowning:

Ewen: Tx - forwarded on to devs.

Thanks for highlighting it Panic
Soon we are coming up with an update on Comodo BackUp side, will take care of it.

Glad to hear it. Updating to CPF or CAVS style GUI at the same time?

Ewen :slight_smile:

Hi panic

have u checked this, In the Email notify without providing the password also the mail is sent to the recipient mail address. Due to this the security is very very less ::). Instead the comodo people could provide a default smtp mail id from which the mail could be sent to the recipient

Problem still exists in V1.0.2

Ewen :slight_smile: