bugSavane - Bugs: bug #15589, password may be briefly visible on...

 
 
Show feedback again

You are not allowed to post comments on this tracker with your current authentification level.

bug #15589: password may be briefly visible on the address bar

Submitted by:  Paolo Bonzini <bonzini>
Submitted on:  Fri 12 Mar 2010 09:30:51 PM UTC  
 
Category: Web Frontend: MyStatus: None
Severity: 6 - SecurityPriority: E - Immediate
Assigned to: Security Team <savane-security>Open/Closed: Open
Release: 3.1Planned Release: 
Reproducibility: NonePrivacy: Public

Fri 12 Mar 2010 09:30:51 PM UTC, original submission:

login is done with a GET request. for this reason upon login, if the certificate is not valid (as is the case on sv.gnu.org using Safari) the URL may be visible in the address bar while the user clicks the dialog asking him to accept the certificate.

This is a problem especially if the window is wide enough to show the password field. Someone could peek from over the user's shoulders and read the password.

Paolo Bonzini <bonzini>

 

No files currently attached

 

Depends on the following items: None found

Items that depend on this one: None found

 

Carbon-Copy List
  • -unavailable- added by bonzini (Submitted the item)

    •  

    Do you think this task is very important?
    If so, you can click here to add your encouragement to it.
    This task has 0 encouragements so far.

    Only logged-in users can vote.

     

    Please enter the title of George Orwell's famous dystopian book (it's a date):

     

     

    Follow 2 latest changes.

    Date Changed By Updated Field Previous Value => Replaced By
    Fri 12 Mar 2010 09:30:51 PM UTCbonziniPriority-Automatic update due to transitions settings-=>E - Immediate
      Assigned to-Automatic update due to transitions settings-=>savane-security
    Show feedback again

    Back to the top


    Copyright (C) 2004-2006, the Gna! people. Posted items are owned by whoever posted them.
    Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.

    Powered by Savane 3.1-cleanup