[Geoserver-devel] [JIRA] (GEOS-9127) Insecure Storage of credentials

Stephan created an issue

GeoServer / Bug GEOS-9127

Insecure Storage of credentials

Issue Type: Bug
Affects Versions: 2.14.0
Assignee: Unassigned
Components: Security
Created: 14/Feb/19 9:38 PM
Priority: Medium
Reporter: Stephan

When a user can access the administrative area of the site, it is possible to view the database connection information on an existing store. When viewing the data source, as seen below, the password is replaced with a line of asterisks. However, when a user views the source of the page, the information is shown in clear text:

</li>
</ul><ul>
<li title="password used to login">
<label><span>passwd</span></label>
<div>
<input class="text" type="password" value="SuperSecretPassword" name="parametersPanel:parameters:6:parameterPanel:border:border_body:paramValue"/>
</div>
</li>


This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100098-sha1:ec9f386)
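
A regression check for the behaviour reported above, as an added example that is not part of the original report or of GeoServer's code: it parses rendered HTML and flags any password input whose value attribute is non-empty. The sample markup is constructed from the snippet in the report; the class and function names are hypothetical.

```python
from html.parser import HTMLParser


class PasswordEchoFinder(HTMLParser):
    """Collects password inputs that are rendered with a pre-filled value."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Also reached for self-closing tags (<input ... />), because the
        # default handle_startendtag() delegates to handle_starttag().
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("type", "").lower() == "password" and a.get("value", "").strip():
            # Record only the field name so the check never copies the
            # secret itself into test output or CI logs.
            self.findings.append(a.get("name", "<unnamed>"))


def find_echoed_passwords(html):
    """Return the names of password fields whose value is sent to the browser."""
    finder = PasswordEchoFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample: the fragment from the report, stray closing tags included.
LEAKY_PAGE = """</li>
</ul><ul>
<li title="password used to login">
<label><span>passwd</span></label>
<div>
<input class="text" type="password" value="SuperSecretPassword"
 name="parametersPanel:parameters:6:parameterPanel:border:border_body:paramValue"/>
</div>
</li>"""

# Constructed sample: the same field rendered without echoing the stored value.
SAFE_PAGE = LEAKY_PAGE.replace('value="SuperSecretPassword"', 'value=""')

if __name__ == "__main__":
    for label, page in (("leaky", LEAKY_PAGE), ("safe", SAFE_PAGE)):
        print(label, find_echoed_passwords(page))
```
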
