Details
-
Bug
-
Resolution: Fixed
-
Major
-
5.0-rc-1
Description
Reproduction steps:
- Create a user
- With Admin account, go to the user page in object editor, remove the user xobject and save
- Perform a diff between last version and previous one
Expected result:
- the password is obfuscated in the diff
Obtained result:
- the password value is displayed (should be a hash)
See attached screenshot.
Attachments
Issue Links
- is related to
-
XWIKI-9017 Possibility to see passwords hash in document history
- Closed
- relates to
-
XWIKI-21393 Allow admins to reset user passwords in batch
- Open