Closed Bug 13061 Opened 21 years ago Closed 20 years ago
Security risk: bugzilla passwords show up in stdout
t h i s i s a t e s t
Target Milestone: M1 → M11
marking m11. cc'ing davidm and morse. they should know more about this than I do. I've seen this before though. as I type my mail news password, the characters show up in the console.
checked in a "fix". I don't see the "one character per line" behaviour, but I do see the "mPassword text is XXXXX" behaviour, which is scary too. jfrancis and buster: I just checked in a change to mozilla/editor/base/nsTextEditRules.cpp so that the code that prints out "mPassword text is XXXXX" is wrapped with #ifdef DEBUG_jfrancis and #ifdef DEBUG_buster, depending on who wrote the code. marking fixed.
the one character per line thing has nothing to do with this bug really. That was some weird text field widget thing. I still see a problem with the 1999090708 Linux build. If I go to the Bugzilla main page and select 'forget current login' and then 'change password' I'm presented with the standard bugzilla login page. If I type in my name and password and click 'Login' the following is printed to the console. Bugzilla_login=claudius%40netscape.com&Bugzilla_password=XXXXXX&GoAheadAndLogin= login where of course XXXXXX is my password in clear text.
Status: REOPENED → ASSIGNED
claudius, the problem that you describe is caused by someone in the code doing a printf of the url, probably for some debugging reason. I'll try to hunt it down and wrap it with some #ifdef DEBUG_<author> lines. accepting.
Clearing Fixed resolution due to reopen.
Move milestone stoppers to M10
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → WORKSFORME
I don't think this is still happening. marking works for me.
still happens exactly as I stated in my comments from 09/07 which seems different from what you fixed prior to that.
Target Milestone: M10 → M12
moving to m12.
Clearing WORKSFORME resolution due to Reopen.
Assignee: sspitzer → don
Status: REOPENED → NEW
Summary: passwords show up in stdout → bugzilla passwords show up in stdout
Seems like we're not talking about mail/news passwords here; reassigning to don.
Move to M13.
Assignee: don → danm
Summary: bugzilla passwords show up in stdout → Security risk: bugzilla passwords show up in stdout
Isn't this a generic dialog problem? danm. Reassign to me if you're swamped, I can look at this too.
When I follow Claudius' instructions from 09/07/99, I see form submission debug output, not generic dialog output. Reassigning for consideration to karnaze, who owns the printfs in question (DebugPrint and its use in nsFormFrame::OnSubmit).
Reassigning to Kevin.
Status: ASSIGNED → RESOLVED
Closed: 21 years ago → 20 years ago
Resolution: --- → FIXED
Fixed in 1/6/2000 2:07PM build. I commented out the lines that were printing the contents of form elements when the form was submitted.
VERIFIED fixed with 20000111 builds
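Added example, not part of the bug thread and not Mozilla code: one way to keep form-submission debug output without leaking credentials is to gate it at compile time, as the comments above do with #ifdef, and also mask sensitive field values before printing. The helper names (IsSensitiveKey, RedactFormBody, DebugPrintSubmission), the marker list and the sample input are assumptions made for illustration.

```cpp
// Added example, not Mozilla code. Helper names are hypothetical.
#include <algorithm>
#include <cctype>
#include <cstdio>
#include <string>

// True if a form field name suggests it carries a secret.
static bool IsSensitiveKey(const std::string& key) {
  std::string lower(key);
  std::transform(lower.begin(), lower.end(), lower.begin(),
                 [](unsigned char c) { return std::tolower(c); });
  static const char* kMarkers[] = {"pass", "pwd", "secret", "token"};
  for (const char* m : kMarkers)
    if (lower.find(m) != std::string::npos) return true;
  return false;
}

// Copy of a URL-encoded form body with sensitive values masked.
// Field names are matched as sent; percent-encoded names are not decoded.
std::string RedactFormBody(const std::string& body) {
  std::string out;
  std::size_t pos = 0;
  while (pos <= body.size()) {
    std::size_t amp = body.find('&', pos);
    if (amp == std::string::npos) amp = body.size();
    std::string pair = body.substr(pos, amp - pos);
    std::size_t eq = pair.find('=');
    if (eq != std::string::npos && IsSensitiveKey(pair.substr(0, eq)))
      pair = pair.substr(0, eq) + "=[REDACTED]";
    if (pos != 0) out += '&';
    out += pair;
    pos = amp + 1;
  }
  return out;
}

// Compiled out of release builds; redacted even when DEBUG is defined.
void DebugPrintSubmission(const std::string& body) {
#ifdef DEBUG
  std::fprintf(stderr, "form submit: %s\n", RedactFormBody(body).c_str());
#else
  (void)body;
#endif
}

int main() {  // sample below is constructed, shaped like the line quoted in this bug
  std::puts(RedactFormBody("Bugzilla_login=user%40example.com"
                           "&Bugzilla_password=hunter2&GoAheadAndLogin=login").c_str());
  return 0;
}
```

Redaction matters even with the #ifdef in place, because debug builds are routinely run against real accounts and their console output ends up in logs and bug reports.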