You are here: Foswiki>Tasks Web>Item588 (28 Dec 2008, KennethLavrsen)Edit Attach

Item588: Security issue: When you register your password is saved in your home topic

pencil
Priority: Urgent
Current State: Closed
Released In: 1.0.0
Target Release: patch
Applies To: Engine
Component:
Branches:
Reported By: Foswiki:Main.KennethLavrsen
Waiting For:
Last Change By: KennethLavrsen
Someone must have made an enhancement recently so fields in the registration form that are not in the user form are added as bullet points in the users home topic.

The feature cannot have been tested much because you end up with your password in the user topic.

The item "Confirm" which is the confirmation of your password is seen as a normal variable.

It should have been excluded along with password.

Shame on you whoever you are for making a bug like this

Fixed. Fix will be in beta 2 which I guess I have to release quickly before too many are exposed to this

ItemTemplate edit

Summary Security issue: When you register your password is saved in your home topic
ReportedBy Foswiki:Main.KennethLavrsen
Codebase 1.0.0 beta1, trunk
SVN Range TWiki-4.2.3, Wed, 06 Aug 2008, build 17396
AppliesTo Engine
Component
Priority Urgent
CurrentState Closed
WaitingFor
Checkins distro:cdf8822d5048
TargetRelease patch
ReleasedIn 1.0.0
Edit  | Attach | Print version | History: r3 < r2 < r1 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r3 - 28 Dec 2008, KennethLavrsen
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy