Theoretical possibility to guess someone's password by guessing and checking the state of the apply button. It will become disabled when password is right, may be even possible to write an app to perform those steps. Reproducible: Always Steps to Reproduce: 1.Open amarok 2.Setting -> configure amaroK 3.Go to AudioScrobbler settings 4.Delete current password, type the new one, button is enabled, type the right one, button is disabled. Actual Results: Button was disabled when password was right. Expected Results: Button state should not indicate the correctness of the password. [ebuild R ] media-sound/amarok-1.2.3 -arts -debug -flac -gstreamer -kde +kdeenablefinal -mad -mysql -noamazon -oggvorbis -opengl -visualization +xine - xinerama -xmms 5,919 kB [ebuild R ] kde-base/kdelibs-3.4.0-r2 +alsa -arts -cups -debug -doc -jpeg2k +kdeenablefinal -kerberos -openexr -spell +ssl +tiff -xinerama -zeroconf 0 kB
If you let <world> use your desktop account, you'll probably face bigger problems, than a stolen audioscrobbler acount. Take it upstream if you like, but from my point of view this is a non-issue.