Fri, 10 Apr 2026 09:35:34 +0000 https://bugs.horde.org/ticket/1883 Insecure: sensitive data in login screen In 'imp/templates/login/login.inc' there are several hidden form fields that expose potentially sensitive network information - including the private IP address of the mail server, TCP port number, mail protocol, and whether TLS is on or off. There's no need for this data to be sent to clients, other than for programmers' convenience. <snip> <input type="hidden" name="server" value="10.100.0.23" /> <input type="hidden" name="port" value="143" /> <input type="hidden" name="namespace" value="INBOX." /> <input type="hidden" name="maildomain" value="enc.edu" /> <input type="hidden" name="protocol" value="imap/notls" /> </snip> Thu, 28 Apr 2005 14:39:56 +0000 https://bugs.horde.org/ticket/1883#t7780 Implemented in HEAD. Since it touches some fairly critical code, I want to run this for a week or two in head to make sure these changes are all good. Mon, 16 May 2005 05:03:00 +0000 https://bugs.horde.org/ticket/1883#t8215