Opened 6 hours ago
#35930 new Uncategorized
Database password visible on debug page (view source only)
| Reported by: | bytej4ck | Owned by: | |
|---|---|---|---|
| Component: | Uncategorized | Version: | 4.1 |
| Severity: | Normal | Keywords: | db, password, exposed |
| Cc: | bytej4ck | Triage Stage: | Unreviewed |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
In debug page view, secrets are not visible due to masked with '*' but in view page source db password is visible:
Password length: 99
Characters: All password requirements including all symbols.
Attachments (1)
Note:
See TracTickets
for help on using tickets.