Closed Bug 289965 Opened 20 years ago Closed 20 years ago

Password visible in Query string

Categories

(Bugzilla :: User Accounts, defect)

Product:
Bugzilla
Component:
User Accounts
Version:
2.17.6
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
VERIFIED DUPLICATE of bug 287436

People

(Reporter: rajesh.venkatesan, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2

1. Login to Bugzilla
2. Create a tabular report
3. Copy the url for any of the resulting numbers (ex: buglist url for total
number of bugs)
4. Log out
5. Paste the url in your browser
6. Put in the username and password and login
7. In the buglist page click on change columns hyper link.

Now Password is visible in the URL.

This is not reproducible in BMO since all the assets are available for everyone
to query without logging into the application. 

Please try it where it is required for every one to login to system before they
query/add/edit bugs.

Reproducible: Always
Version: unspecified → 2.17.6

*** This bug has been marked as a duplicate of 287436 ***
Group: webtools-security
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Component: Query/Bug List → User Accounts
OS: Linux → All
Hardware: PC → All
Target Milestone: --- → Bugzilla 2.18
Target Milestone: Bugzilla 2.18 → ---
Status: RESOLVED → VERIFIED
The bug this is duplicate of is no longer secured, so unsecuring this one.
Group: webtools-security
You need to log in before you can comment on or make changes to this bug.