Bug #50451: mgr/dashboard: While changing the password in Dashboard, username and Password is clearly visible in developer tools - Dashboard - Ceph

Actions

Copy link

Bug #50451

closed

mgr/dashboard: While changing the password in Dashboard, username and Password is clearly visible in developer tools

Added by Nizamudeen A about 3 years ago. Updated almost 3 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Nizamudeen A

Category:

Component - Services & Daemons

Target version:

% Done:

Source:

Tags:

security

Backport:

octopus, pacific

Regression:

Severity:

3 - minor

Reviewed:

Affected Versions:

ceph-qa-suite:

Pull request ID:

40954

Crash signature (v1):

Crash signature (v2):

Description

Username password are sending in the URL string

{"POST":{"scheme":"https","host":"10.8.128.45:8443","filename":"/api/user/validate_password","query":{"password":"admin456","username":"admin123"},"remote":{"Address":"10.8.128.45:8443"}}}

Password is visible in the body of the request.

Files

dev.png (14 KB) dev.png

Nizamudeen A, 04/21/2021 08:04 AM

Related issues 2 (0 open — 2 closed)

History
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Ceph » mgr » Dashboard

Custom queries

Bug #50451

mgr/dashboard: While changing the password in Dashboard, username and Password is clearly visible in developer tools

Updated by Nizamudeen A about 3 years ago

Updated by Nizamudeen A about 3 years ago

Updated by Ernesto Puerta about 3 years ago

Updated by Backport Bot about 3 years ago

Updated by Backport Bot about 3 years ago

Updated by Ernesto Puerta almost 3 years ago