It shows login_name and password at URL bar when we are logging to bugzilla

RESOLVED DUPLICATE of bug 15980

Status

()

Bugzilla
User Accounts
RESOLVED DUPLICATE of bug 15980
15 years ago
5 years ago

People

(Reporter: Naveen Joshi, Assigned: myk)

Tracking

Details

(Reporter)

Description

15 years ago
User-Agent:       Mozilla/4.79 [en] (X11; U; Linux 2.4.18-3 i686)
Build Identifier: bugzilla 2.12

I have choose the log- in option and enter the email address and password. but
when I click the login button to go ahead it shows my password in the URL bar.

Reproducible: Always

Steps to Reproduce:
1.choose log -in button
2.fill up the email address and password
3.press login button 

Actual Results:  
shows password  at URL bar

Expected Results:  
password should be in encrepted format

Comment 1

15 years ago
Bugzilla
Assignee: ssaux → myk
Component: Daemon → User Accounts
Product: PSM → Bugzilla
QA Contact: junruh → matty
Version: unspecified → 2.17.3
(Reporter)

Comment 2

15 years ago
This problem is in bugzilla 2.14 ver. not in 2.17.1.
(Reporter)

Comment 3

15 years ago
This problem is in bugzilla 2.12 ver. which I am using rightnow.
(Assignee)

Comment 4

15 years ago
Moving from "security" group to "webtools security" group and cc:ing potentially
interested parties.  This bug won't be fixed because the problem does not occur
on any currently maintained version of Bugzilla, all of which POST the form to
the server.  You should upgrade your installation of Bugzilla to a more recent
version like 2.16.2.
Group: security → webtools-security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → WONTFIX
Just out of interest, is this bug in the latest version of 2.14?

Gerv
(Reporter)

Comment 6

15 years ago
I am not sure that its in 2.14 or not , I  just mis-typed above. I found it only
2.12 version
This was fixed in Bugzilla 2.14.0.
Status: RESOLVED → UNCONFIRMED
Resolution: WONTFIX → ---
Removing security flag because this had an advisory release a long time ago.

*** This bug has been marked as a duplicate of 15980 ***
Group: webtools-security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 15 years ago15 years ago
Resolution: --- → DUPLICATE
Version: 2.17.3 → 2.12
Naveen: version 2.12 has so many security holes in it it's not even funny.

Please do yourself a favor and upgrade.
QA Contact: matty_is_a_geek → default-qa
You need to log in before you can comment on or make changes to this bug.