Werk #6549: Crash reports: Filter out password/_password from HTTP vars of GUI crashes
Component | User interface | ||||
Title | Crash reports: Filter out password/_password from HTTP vars of GUI crashes | ||||
Date | Sep 5, 2018 | ||||
Level | Trivial Change | ||||
Class | Bug Fix | ||||
Compatibility | Compatible - no manual interaction needed | ||||
Checkmk versions & editions |
|
When a crash occurs during the login procedure where a user entered his password during verification of this password, the crash could contain this password in plain text in the HTTP variable data structure. The vars named password/_password are now explicitly filtered to prevent this.