← Back to team overview

mahara-contributors team mailing list archive

  1. mahara-contributors team
  2. Mailing list archive
  3. Message #34004

[Bug 1567186] [NEW] Passwords can accidentially end up in logs from badly made plugins

  Thread PreviousDate PreviousThread Next 
*** This bug is a security vulnerability ***

Private security bug reported:

We have some code that suppresses the passwords in logs for LiveUser and
for AuthLdap

But we need to extend it out to be more encompassing

** Affects: mahara
     Importance: Critical
     Assignee: Robert Lyon (robertl-9)
         Status: In Progress


** Tags: security

** Information type changed from Public to Private Security

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1567186

Title:
  Passwords can accidentially end up in logs from badly made plugins

Status in Mahara:
  In Progress

Bug description:
  We have some code that suppresses the passwords in logs for LiveUser
  and for AuthLdap

  But we need to extend it out to be more encompassing

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1567186/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next