Closed
Bug 1810945
Opened 3 years ago
Closed 3 years ago
Admin credentials leaked
Categories
(Tree Management :: Treeherder, defect)
Tree Management
Treeherder
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: khageshwarjoshi03, Unassigned)
Details
Attachments
(1 file)
|
81.81 KB,
image/png
|
Details |
Screenshot (1171).png
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0
Steps to reproduce:
- Visit the Url: https://hg.mozilla.org/automation/orangefactor/file/tip/woo_cron.conf.example
- See the credentials
Actual results:
Very sensitive information exposed to the anyone can abuse leads to serious problem to the company
Expected results:
Remove the credential completely or restrict the user to access it
|
||
Comment 1•3 years ago
|
||
This software is no longer in use, afaict (last commit 2018), the "example" in the name is not an accident, the api key is left blank, and the password is "MyPassword". I really hope that's not the actual password of anything of importance. Our mercurial code is public by default - we build open source software! - and that is intentional. This isn't a bug.
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Component: Untriaged → Treeherder
Product: Firefox → Tree Management
Resolution: --- → INVALID
Version: Firefox 108 → ---
You need to log in
before you can comment on or make changes to this bug.
Description
•