Werk #6549: Crash reports: Filter out password/_password from HTTP vars of GUI crashes
| Component | User interface | ||||
| Title | Crash reports: Filter out password/_password from HTTP vars of GUI crashes | ||||
| Date | Sep 5, 2018 | ||||
| Level | Trivial Change | ||||
| Class | Bug Fix | ||||
| Compatibility | Compatible - no manual interaction needed | ||||
| Checkmk versions & editions |
|
When a crash occurs during the login procedure where a user entered his password during verification of this password, the crash could contain this password in plain text in the HTTP variable data structure. The vars named password/_password are now explicitly filtered to prevent this.