Actions
Bug #50451
closedmgr/dashboard: While changing the password in Dashboard, username and Password is clearly visible in developer tools
Status:
Resolved
Priority:
Normal
Assignee:
Category:
Component - Services & Daemons
Target version:
-
% Done:
0%
Source:
Tags:
security
Backport:
octopus, pacific
Regression:
No
Severity:
3 - minor
Reviewed:
Description
Username password are sending in the URL string
{"POST":{"scheme":"https","host":"10.8.128.45:8443","filename":"/api/user/validate_password","query":{"password":"admin456","username":"admin123"},"remote":{"Address":"10.8.128.45:8443"}}}
Password is visible in the body of the request.
Files
Actions