Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 and earlier, when authenticating users via secure SMTP, stores authentication credentials in plaintext in the postfix.log file, which allows local users to gain privileges.
Kolab Server Secure SMTP postfix.log Authentication Credential Disclosure
Local Access Required
Loss of Confidentiality
Kolab Server contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when a user authenticates to the secure SMTP server, which may disclose the password in /kolab/var/postfix/log/postfix.log (world-readable by default), resulting in a loss of confidentiality.
Upgrade to version 2.0.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.