Werk #6549: Crash reports: Filter out password/_password from HTTP vars of GUI crashes
Komponente | User interface |
Titel | Crash reports: Filter out password/_password from HTTP vars of GUI crashes |
Datum | 05.09.2018 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk-Version | 1.5.0p4 1.6.0b1 |
Level | Kleine Änderung |
Klasse | Bugfix |
Kompatibilität | Kompatibel - benötigt kein manuelles Eingreifen |
When a crash occurs during the login procedure where a user entered his password during verification of this password, the crash could contain this password in plain text in the HTTP variable data structure. The vars named password/_password are now explicitly filtered to prevent this.