Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dataplane should not return the password for failed auth attempts #347

Open
AdamJCrawford opened this issue Nov 5, 2024 · 1 comment
Open

Dataplane should not return the password for failed auth attempts #347

AdamJCrawford opened this issue Nov 5, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@AdamJCrawford
Copy link

For failed auth attempts there are two (AFAIK) places in which the password gets returned and thus potentially logged. First and second. Seems like bad security practice to return password attempts even if they are incorrect. Additionally, if no password is set in the dataplane config file, any attempted password (even a potentially correct one) could still be logged. This could inadvertently expose passwords that users might reuse elsewhere.
@smeroth
Copy link

smeroth commented Nov 6, 2024

Engineering is aware about that.
It should be fixed soon.
Thanks

@bedis bedis added the bug Something isn't working label Nov 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bedis @AdamJCrawford @smeroth