Q1. What is the problem that you are trying to solve?
Email notifications from Passbolt when a password is shared include the “Username”, “URL”, and “Description” fields as plaintext in the email. These fields commonly include details that we would rather not share with untrusted parties, and it seems unnecessary to include them in the email notification.
I would prefer that these fields are excluded from emails by default. An administrator setting to select which fields to include in the email would be nice to have.
Q2 - Who is impacted?
All Passbolt users who share passwords.
Q3 - Why is it important and/or urgent?
The Username, URL and Description fields, while not so sensitive as to require encryption, are still data that can help an attacker to gain access to an account. It is not advisable to broadcast such information across the Internet in the clear.
Q4 - What is your proposed solution? (optional)
- As a Passbolt user, when I receive a password share notification email, it does not leak information from the password entry.
- Test case: Given a password entry in Passbolt, when it is shared with a user, then the notification email does not expose any details about the password entry except for its “name” identifier.
- Additional nice-to-have: administrator setting that allows fine-grained control over what fields are included in email notifications.
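
The test case proposed under Q4 can be automated as a leak check on the rendered notification. The following is an added example, not part of the original post and not Passbolt's own code. The field names, the sample entry and the constructed email are assumptions. It decodes every MIME text part before searching, because a plain grep over the raw message misses values inside base64 or quoted-printable bodies.

```python
import html
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Hypothetical field names; per the proposal only "name" may appear in the mail.
SENSITIVE_FIELDS = ("username", "url", "description")

# Constructed sample entry, not real data.
SAMPLE_ENTRY = {
    "name": "Staging DB",
    "username": "svc-deploy",
    "url": "https://db.staging.example.test",
    "description": "Rotate quarterly; VPN required",
}

def decoded_text(raw: bytes) -> str:
    """Subject plus every text/* part, transfer-decoded, tags stripped, lowercased."""
    msg = message_from_bytes(raw, policy=policy.default)
    chunks = [str(msg["Subject"] or "")]
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and binary attachments
        text = part.get_content()  # undoes base64 / quoted-printable
        if part.get_content_subtype() == "html":
            text = html.unescape(re.sub(r"<[^>]+>", " ", text))
        chunks.append(text)
    return " ".join(" ".join(chunks).split()).lower()

def leaked_fields(raw: bytes, entry: dict) -> list:
    """Names of sensitive fields whose values appear anywhere in the message."""
    haystack = decoded_text(raw)
    return [f for f in SENSITIVE_FIELDS
            if entry.get(f) and " ".join(entry[f].split()).lower() in haystack]

def build_sample(entry: dict, include_details: bool) -> bytes:
    """Constructed share notification; both bodies are base64-encoded."""
    msg = EmailMessage()
    msg["Subject"] = f"A password was shared with you: {entry['name']}"
    lines = [f"Name: {entry['name']}"]
    if include_details:
        lines += [f"{f}: {entry[f]}" for f in SENSITIVE_FIELDS]
    msg.set_content("\n".join(lines), cte="base64")
    body = "".join(f"<p>{html.escape(line)}</p>" for line in lines)
    msg.add_alternative(body, subtype="html", cte="base64")
    return msg.as_bytes()

if __name__ == "__main__":
    print(leaked_fields(build_sample(SAMPLE_ENTRY, True), SAMPLE_ENTRY))
    print(leaked_fields(build_sample(SAMPLE_ENTRY, False), SAMPLE_ENTRY))
```

In a real test run, `raw` would be the message captured from a test mail sink rather than the output of `build_sample`.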