Werk #6549: Crash reports: Filter out password/_password from HTTP vars of GUI crashes
Component | User interface |
Title | Crash reports: Filter out password/_password from HTTP vars of GUI crashes |
Date | Sep 5, 2018 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk Version | 1.5.0p4 1.6.0b1 |
Level | Trivial Change |
Class | Bug Fix |
Compatibility | Compatible - no manual interaction needed |
When a crash occurs during the login procedure where a user entered his password during verification of this password, the crash could contain this password in plain text in the HTTP variable data structure. The vars named password/_password are now explicitly filtered to prevent this.