Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kmail-account-wizard-20.08.2/src/personaldatapage.cpp
Examining data/kmail-account-wizard-20.08.2/src/cryptopage.h
Examining data/kmail-account-wizard-20.08.2/src/cryptopage.cpp
Examining data/kmail-account-wizard-20.08.2/src/dialog.cpp
Examining data/kmail-account-wizard-20.08.2/src/setupautoconfigkolabmail.h
Examining data/kmail-account-wizard-20.08.2/src/setuppage.cpp
Examining data/kmail-account-wizard-20.08.2/src/autotests/ldaptest.cpp
Examining data/kmail-account-wizard-20.08.2/src/inprocess-main.cpp
Examining data/kmail-account-wizard-20.08.2/src/inprocess-main.h
Examining data/kmail-account-wizard-20.08.2/src/setupmanager.cpp
Examining data/kmail-account-wizard-20.08.2/src/loadpage.cpp
Examining data/kmail-account-wizard-20.08.2/src/setupmanager.h
Examining data/kmail-account-wizard-20.08.2/src/setupobject.h
Examining data/kmail-account-wizard-20.08.2/src/ldap.cpp
Examining data/kmail-account-wizard-20.08.2/src/setuppage.h
Examining data/kmail-account-wizard-20.08.2/src/providerpage.h
Examining data/kmail-account-wizard-20.08.2/src/dialog.h
Examining data/kmail-account-wizard-20.08.2/src/setupispdb.cpp
Examining data/kmail-account-wizard-20.08.2/src/key.cpp
Examining data/kmail-account-wizard-20.08.2/src/typepage.h
Examining data/kmail-account-wizard-20.08.2/src/ldap.h
Examining data/kmail-account-wizard-20.08.2/src/loadpage.h
Examining data/kmail-account-wizard-20.08.2/src/page.h
Examining data/kmail-account-wizard-20.08.2/src/providerpage.cpp
Examining data/kmail-account-wizard-20.08.2/src/personaldatapage.h
Examining data/kmail-account-wizard-20.08.2/src/key.h
Examining data/kmail-account-wizard-20.08.2/src/identity.cpp
Examining data/kmail-account-wizard-20.08.2/src/setupautoconfigkolabfreebusy.cpp
Examining data/kmail-account-wizard-20.08.2/src/page.cpp
Examining data/kmail-account-wizard-20.08.2/src/resource.cpp
Examining data/kmail-account-wizard-20.08.2/src/setupobject.cpp
Examining data/kmail-account-wizard-20.08.2/src/main.cpp
Examining data/kmail-account-wizard-20.08.2/src/configfile.cpp
Examining data/kmail-account-wizard-20.08.2/src/identity.h
Examining data/kmail-account-wizard-20.08.2/src/setupautoconfigkolabfreebusy.h
Examining data/kmail-account-wizard-20.08.2/src/typepage.cpp
Examining data/kmail-account-wizard-20.08.2/src/servertest.h
Examining data/kmail-account-wizard-20.08.2/src/ispdb/ispdb.cpp
Examining data/kmail-account-wizard-20.08.2/src/ispdb/autoconfigkolabldap.cpp
Examining data/kmail-account-wizard-20.08.2/src/ispdb/autotests/autoconfigkolabmailtest.cpp
Examining data/kmail-account-wizard-20.08.2/src/ispdb/autotests/autoconfigkolabldaptest.cpp
Examining data/kmail-account-wizard-20.08.2/src/ispdb/autotests/ispdbtest.cpp
Examining data/kmail-account-wizard-20.08.2/src/ispdb/autotests/autoconfigkolabfreebusy.cpp
Examining data/kmail-account-wizard-20.08.2/src/ispdb/autoconfigkolabmail.h
Examining data/kmail-account-wizard-20.08.2/src/ispdb/autoconfigkolabmail.cpp
Examining data/kmail-account-wizard-20.08.2/src/ispdb/autoconfigkolabldap.h
Examining data/kmail-account-wizard-20.08.2/src/ispdb/ispdb.h
Examining data/kmail-account-wizard-20.08.2/src/ispdb/main.cpp
Examining data/kmail-account-wizard-20.08.2/src/ispdb/autoconfigkolabfreebusy.h
Examining data/kmail-account-wizard-20.08.2/src/ispdb/autoconfigkolabfreebusy.cpp
Examining data/kmail-account-wizard-20.08.2/src/global.h
Examining data/kmail-account-wizard-20.08.2/src/setupautoconfigkolabldap.h
Examining data/kmail-account-wizard-20.08.2/src/global.cpp
Examining data/kmail-account-wizard-20.08.2/src/resource.h
Examining data/kmail-account-wizard-20.08.2/src/transport.cpp
Examining data/kmail-account-wizard-20.08.2/src/dynamicpage.cpp
Examining data/kmail-account-wizard-20.08.2/src/setupautoconfigkolabmail.cpp
Examining data/kmail-account-wizard-20.08.2/src/servertest.cpp
Examining data/kmail-account-wizard-20.08.2/src/configfile.h
Examining data/kmail-account-wizard-20.08.2/src/setupautoconfigkolabldap.cpp
Examining data/kmail-account-wizard-20.08.2/src/transport.h
Examining data/kmail-account-wizard-20.08.2/src/dynamicpage.h
Examining data/kmail-account-wizard-20.08.2/src/setupispdb.h

FINAL RESULTS:

data/kmail-account-wizard-20.08.2/src/ispdb/autoconfigkolabfreebusy.cpp:28:58: [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt.
  void AutoconfigKolabFreebusy::lookupInDb(bool auth, bool crypt)
data/kmail-account-wizard-20.08.2/src/ispdb/autoconfigkolabfreebusy.cpp:34:81: [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt.
  startJob(lookupUrl(QStringLiteral("freebusy"), QStringLiteral("1.0"), auth, crypt));
data/kmail-account-wizard-20.08.2/src/ispdb/autoconfigkolabfreebusy.h:36:37: [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt.
  void lookupInDb(bool auth, bool crypt) override;
data/kmail-account-wizard-20.08.2/src/ispdb/autoconfigkolabldap.cpp:28:54: [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt.
  void AutoconfigKolabLdap::lookupInDb(bool auth, bool crypt)
data/kmail-account-wizard-20.08.2/src/ispdb/autoconfigkolabldap.cpp:34:77: [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt.
  startJob(lookupUrl(QStringLiteral("ldap"), QStringLiteral("1.0"), auth, crypt));
data/kmail-account-wizard-20.08.2/src/ispdb/autoconfigkolabldap.h:37:37: [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt.
  void lookupInDb(bool auth, bool crypt) override;
data/kmail-account-wizard-20.08.2/src/ispdb/ispdb.cpp:61:40: [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt.
  void Ispdb::lookupInDb(bool auth, bool crypt)
data/kmail-account-wizard-20.08.2/src/ispdb/ispdb.cpp:64:77: [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt.
  startJob(lookupUrl(QStringLiteral("mail"), QStringLiteral("1.1"), auth, crypt));
data/kmail-account-wizard-20.08.2/src/ispdb/ispdb.cpp:79:84: [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt.
  QUrl Ispdb::lookupUrl(const QString &type, const QString &version, bool auth, bool crypt)
data/kmail-account-wizard-20.08.2/src/ispdb/ispdb.cpp:95:13: [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt.
  if (crypt) {
data/kmail-account-wizard-20.08.2/src/ispdb/ispdb.h:127:45: [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt.
  virtual void lookupInDb(bool auth, bool crypt);
data/kmail-account-wizard-20.08.2/src/ispdb/ispdb.h:148:81: [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt.
  QUrl lookupUrl(const QString &type, const QString &version, bool auth, bool crypt);
data/kmail-account-wizard-20.08.2/src/autotests/ldaptest.cpp:38:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mTempFile.open();
data/kmail-account-wizard-20.08.2/src/cryptopage.cpp:295:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!keyFile.open(QIODevice::ReadOnly)) {
data/kmail-account-wizard-20.08.2/src/dynamicpage.cpp:43:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (file.open(QFile::ReadOnly)) {

ANALYSIS SUMMARY:

Hits = 15
Lines analyzed = 7609 in approximately 1.15 seconds (6594 lines/second)
Physical Source Lines of Code (SLOC) = 5288
Hits@level = [0] 0 [1] 0 [2] 3 [3] 0 [4] 12 [5] 0
Hits@level+ = [0+] 15 [1+] 15 [2+] 15 [3+] 12 [4+] 12 [5+] 0
Hits/KSLOC@level+ = [0+] 2.83661 [1+] 2.83661 [2+] 2.83661 [3+] 2.26929 [4+] 2.26929 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.