Actions
Bug #50451
closedmgr/dashboard: While changing the password in Dashboard, username and Password is clearly visible in developer tools
Status:
Resolved
Priority:
Normal
Assignee:
Category:
Component - Services & Daemons
Target version:
-
% Done:
0%
Source:
Tags:
security
Backport:
octopus, pacific
Regression:
No
Severity:
3 - minor
Reviewed:
Description
Username password are sending in the URL string
{"POST":{"scheme":"https","host":"10.8.128.45:8443","filename":"/api/user/validate_password","query":{"password":"admin456","username":"admin123"},"remote":{"Address":"10.8.128.45:8443"}}}
Password is visible in the body of the request.
Files
Updated by Nizamudeen A about 3 years ago
- Status changed from In Progress to Fix Under Review
- Pull request ID set to 40954
Updated by Ernesto Puerta about 3 years ago
- Status changed from Fix Under Review to Pending Backport
Updated by Backport Bot about 3 years ago
- Copied to Backport #50475: octopus: mgr/dashboard: While changing the password in Dashboard, username and Password is clearly visible in developer tools added
Updated by Backport Bot about 3 years ago
- Copied to Backport #50476: pacific: mgr/dashboard: While changing the password in Dashboard, username and Password is clearly visible in developer tools added
Updated by Ernesto Puerta almost 3 years ago
- Status changed from Pending Backport to Resolved
Actions