Details
- Bug
- Resolution: Fixed
- Major
- None
- None
- Easy
- N/A
- N/A
Description
This is pretty simple: if a user changes his password, any user (even unauthenticated ones) can see the former and the new password hash in the document history.
Likewise, users' email addresses could be accessed this way.
Issue Links
- relates to: XWIKI-19948 Password hash might be leaked by diff once the xobject holding them is deleted (Closed)
- links to