Closed
Bug 13061
Opened 25 years ago
Closed 25 years ago
Security risk: bugzilla passwords show up in stdout
Categories
(SeaMonkey :: General, defect, P3)
Tracking
(Not tracked)
VERIFIED
FIXED
M13
People
(Reporter: cmaximus, Assigned: kmcclusk)
Details
Reporter | ||
Updated•25 years ago
|
Target Milestone: M1
t h i s i s a t e s t
Updated•25 years ago
|
Target Milestone: M1 → M11
Comment 1•25 years ago
|
||
marking m11. cc'ing davidm and morse. they should know more about this than I do. I've see this before though. as I type my mail news password, the characters show up in the console.
Comment 2•25 years ago
|
||
checked in a "fix". I don't see the "one character per line" behaviour, but I do see the "mPassword text is XXXXX" behaviour, which is scary too. jfrancis and buster: I just checked in a change to mozilla/editor/base/nsTextEditRules.cpp so that the code that prints out "mPassword text is XXXXX" is wrapped with #ifdef DEBUG_jfrancis and #ifdef DEBUG_buster, depending on who wrote the code. marking fixed.
Reporter | ||
Updated•25 years ago
|
Status: RESOLVED → REOPENED
Reporter | ||
Comment 3•25 years ago
|
||
the one character per line thing has nothing to do with this bug really. That was some wierd text field widget thing. I still see a problem with the 1999090708 Linux build. If I go to the Bugzilla main page and select 'forget current login' and then 'change password' I'm presented with the standard bugzilla login page. If I type in my name and password and click 'Login' the following is printed to the console. Bugzilla_login=claudius%40netscape.com&Bugzilla_password=XXXXXX&GoAheadAndLogin= login where of course XXXXXX is my password in clear text.
Updated•25 years ago
|
Status: REOPENED → ASSIGNED
Comment 4•25 years ago
|
||
claudius, the problem that you describe is caused by someone in the code doing a printf of the url, probably for some debugging reason. I'll try to hunt it down and wrap it with some #ifdef DEBUG_<author> lines. accepting.
Updated•25 years ago
|
Target Milestone: M11 → M10
Comment 6•25 years ago
|
||
Move milestone stoppers to M10
Updated•25 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → WORKSFORME
Comment 7•25 years ago
|
||
I don't think this is still happening. marking works for me.
Reporter | ||
Updated•25 years ago
|
Status: RESOLVED → REOPENED
Reporter | ||
Comment 8•25 years ago
|
||
still happens exactly as I stated in my comments from 09/07 which seems different from what you fixed prior to that.
Updated•25 years ago
|
Target Milestone: M10 → M12
Comment 9•25 years ago
|
||
moving to m12.
Comment 10•25 years ago
|
||
Clearing WORKSFORME resolution due to Reopen.
Updated•25 years ago
|
Assignee: sspitzer → don
Status: REOPENED → NEW
Summary: passwords show up in stdout → bugzilla passwords show up in stdout
Comment 11•25 years ago
|
||
Seems like we're not talking about mail/news passwords here; reassigning to don.
Comment 12•25 years ago
|
||
Move to M13.
Updated•25 years ago
|
Assignee: don → danm
Summary: bugzilla passwords show up in stdout → Security risk: bugzilla passwords show up in stdout
Comment 13•25 years ago
|
||
Isn't this a generic dialog problem? danm. Reassign to me if you're swamped, I can look at this too.
Comment 14•25 years ago
|
||
When I follow Claudius' instructions from 09/07/99, I see form submission debug output, not generic dialog output. Reassigning for consideration to karnaze, who owns the printfs in question (DebugPrint and its use in nsFormFrame::OnSubmit).
Updated•25 years ago
|
Assignee: karnaze → kmcclusk
Comment 15•25 years ago
|
||
Reassigning to Kevin.
Assignee | ||
Updated•25 years ago
|
Status: NEW → ASSIGNED
Target Milestone: M13
Assignee | ||
Updated•25 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 25 years ago → 25 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 16•25 years ago
|
||
Fixed in 1/6/2000 2:07PM build. I commented out the lines that where printing the contents of form elements when the form was submitted.
Reporter | ||
Updated•25 years ago
|
Status: RESOLVED → VERIFIED
Reporter | ||
Comment 17•25 years ago
|
||
VERIFIED fixed with 20000111 builds
Updated•20 years ago
|
Product: Browser → Seamonkey
You need to log in
before you can comment on or make changes to this bug.
Description
•