Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-9017

Possibility to see passwords hash in document history

    XMLWordPrintable

Details

    • Easy
    • N/A
    • N/A

    Description

      This is pretty simple : if a user changes his password, any user (even unauthenticated ones) can see the former and the new password hash in the document history.
      All the same, user's emails adress could be accessed this way.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-19948 Password hash might be leaked by diff once the xobject holding them is deleted

          • Major - Major loss of function.
          • Closed
          links to

          Web Link Pull Request

          Activity

            People

              thomas_delafosse Thomas Delafosse
              thomas_delafosse Thomas Delafosse
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: