Actions
Bug #16108
open
LDAP bind password sent in plaintext to frontend
Status:
New
Priority:
Normal
Assignee:
-
Category:
Web Interface
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
2.7.2
Affected Architecture:
All
Description
When an LDAP bind password is already set, this value is sent back to the user in plain text in the web UI. The field is masked (type=password) but F12 quickly reveals the password.
It would be good if the password was masked before it's sent to the user (sending ***** as the field value or something like that).
No data to display
Actions